It is always a good idea to encrypt your data, and with modern computing devices, enabling full disk encryption is usually a very simple process. However, in other cases, encrypting data can be costly and may require considerable effort. While we strongly recommend that you always encrypt your data, the choice to do so often comes down to whether encryption is required or not. To answer this question, encryption is required in the following cases:
- If you are working with regulated data where the encryption is required either by law or by IU policy, such as PHI
- If the data you are working with is subject to a contract, data use agreement, IRB approval, etc that requires encryption
- If you are working with institutional data that is classified as critical data
In certain, very limited cases, encryption may not be possible on a system, in which case other mitigating controls must be in place to ensure the data is protected. In cases such as this, the system and the mitigating controls in place must be approved by the relevant parties. Depending on the circumstance, the relevant parties could include the Office of Research Compliance (ORC), Institutional Review Board (IRB), University Information Policy Office (UIPO), or the Data Stewards. If you would like assistance reviewing your use of encryption, or assessing compensating controls, please contact us at securemyresearch@iu.edu
Directions
- For instructions on encrypting your data, use the related articles and search function below for instructions depending on what type of system you are using.
Email securemyresearch@iu.edu if you have other questions about cybersecurity or compliance relating to your research project.
Insert excerpt |
---|
| How do I secure my own environment? |
---|
| How do I secure my own environment? |
---|
nopanel | true |
---|
|