Information Technology Services

When Encryption is Mandatory

Details

By law: on any portable device (e.g., laptop, netbook, tablet, smartphone), or removable media (e.g., CD, thumb drive, portable disc drives), or any desktop computer or server that is NOT secured within a Dartmouth data center containing Protected Health Information, or Personally Identifiable Information (name + SSN or driver's license#, or gov't issued ID#, or bank/credit card#). PHI and PII are NOT required to be encrypted when protected by other secure means within a locked data center. PII and PHI Data in transit, including email: must be encrypted when in transit outside the Dartmouth network (including Dartmouth wireless).

By Dartmouth policy: same as above, PLUS any portable device or media containing confidential information (defined as Level 2 or 3 data under DISC policy).

Encryption solutions:

  1. For laptop, desktop, and some unprotected servers, as well as portable disc and removable media: PGP whole disc encryption, available from Information Technology Services.
  2. For data in transit, SSL or other communications encryption solutions, available from Information Technology Services.
  3. For email in transit outside Dartmouth, or within Dartmouth if necessary: Microsoft Forefront (not yet deployed). In the interim, place content in Word or PDF file and simply password protect the file and attach it to the message. Share the password with the recipient via separate communication.
Topic: 
Computer and Device Services
Subtopic: 
Desktops and Laptops
Last updated: 
Monday, August 15, 2016

If you have questions or need further information, contact your department's IT support office, or contact the IT Service Desk via email at [email protected], via phone at 603-646-2999 or walk in to see them in Baker/Berry 178J.

Close
Information Technology Services