Electronic Data Encryption Policy Overview
Introduction
This policy promotes good practice to ensure all confidential data, data about individuals and sensitive electronic data is stored and transmitted in a secure manner. This data should be encrypted before storing on mobile devices, including laptops, or transmitting outside the University's secure wired network. Avoid problems by not downloading data about individuals or sensitive data. Whenever possible access the data online using the remote desktop (for SHU staff only).
Third party hosting must not be used for University data unless held in a physically secure data centre in a country with enacted adequate Data Protection legislation or signatory to the EU-US Data Privacy Framework scheme, and has also been authorised by the Chief Information Officer of IS&T or nominee. All University encryption keys used must be stored centrally with IS&T.
Key Points
- It is the users responsibility to ensure all confidential, personal and sensitive electronic data is encrypted if used away from the University secure wired network,
- The use of third party hosting must be authorised beforehand,
- The University's encryption keys must be stored centrally.
The Policy Document
The complete policy can be found here.
Guidance
Further guidance (for SHU staff only) is available here.
