
It is always a good idea to encrypt your data, and with modern computing devices, enabling full disk encryption is usually a very simple process. However, in some cases encrypting data can be costly and may require considerable effort. While we strongly recommend that you always encrypt your data, the choice to do so is yours.  Here is some guidance:

Encryption enhances the trustworthiness of the data

Preserving data integrity is becoming more and more important. Keeping data encrypted except when it is in use protects it against malicious and non-malicious modification.

When encryption is a requirement

Encryption is often a requirement for sensitive data, for instance in the following cases:

  • If you are working with regulated data where encryption is required either by law or by IU policy, such as PHI
  • If the data you are working with is subject to a contract, data use agreement, IRB approval, etc., that requires encryption
  • If you are working with institutional data that is classified as critical data

When encryption is difficult or impossible

In certain, very limited cases, encryption may not be possible on a system, in which case other mitigating controls can be used to ensure the data is protected. In cases such as this where sensitive data is involved, the system and the mitigating controls in place must be approved by the relevant parties. Depending on the circumstance, the relevant parties could include the Office of Research Compliance (ORC), Institutional Review Board (IRB), University Information Policy Office (UIPO), or the Data Stewards. If you would like assistance reviewing your use of encryption, or assessing compensating controls, please contact us at securemyresearch@iu.edu.

Directions

  1. For instructions on encrypting your data, use the related articles and the search function below, depending on the type of system you are using.


Email securemyresearch@iu.edu if you have other questions about cybersecurity or compliance relating to your research project.


Beware of this pitfall

A common misconception is that it is inherently secure to send data from your workstation to another system simply because your system has full disk encryption enabled. In truth, when a file is sent in this scenario, the file is decrypted before it is sent. This means that the unencrypted file is transmitted and arrives unencrypted at the recipient's end. Even if you use an encrypted channel such as HTTPS, this only ensures that the transmission of the file is encrypted. The end result is the same: the file that is received will be the unencrypted version of the file you sent. To ensure that the data you are sending arrives as an encrypted file, you must encrypt that file using file-level encryption prior to sending it.
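The difference described above, as an added example that is not part of the original page: a file copied off a full-disk-encrypted volume is readable as-is, while a file encrypted at the file level before sending is not. The tool choice (the `openssl enc` command, OpenSSL 1.1.1 or later), the function names, the passphrase and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: constructed data and hypothetical names; assumes OpenSSL 1.1.1+.
# Note: openssl enc gives confidentiality only, not authenticated encryption.
MARKER="PARTICIPANT-0001"        # constructed stand-in for sensitive content
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
# Constructed passphrase; a real one is shared with the recipient out of band.
export XFER_PASS="constructed-demo-passphrase"

# Sender side: file-level encryption. $1 = plaintext in, $2 = ciphertext out.
encrypt_for_transfer() {
    openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -in "$1" -out "$2" -pass env:XFER_PASS
}

# Recipient side: $1 = ciphertext in, $2 = plaintext out.
decrypt_received() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -in "$1" -out "$2" -pass env:XFER_PASS
}

# Returns 0 if the sensitive marker can be read from the file as it arrived.
readable_by_recipient() {
    grep -q "$MARKER" "$1"
}

printf 'id,note\n%s,example\n' "$MARKER" > "$WORK/data.csv"

# Case 1: sending straight from a full-disk-encrypted volume. The OS decrypts
# transparently on read, so what leaves the machine is the plaintext file.
cp "$WORK/data.csv" "$WORK/sent_plain.csv"

# Case 2: encrypt the file itself first, then send only the .enc file.
encrypt_for_transfer "$WORK/data.csv" "$WORK/sent.enc"
decrypt_received "$WORK/sent.enc" "$WORK/received.csv"

readable_by_recipient "$WORK/sent_plain.csv" && echo "plain copy: content exposed"
readable_by_recipient "$WORK/sent.enc" || echo "encrypted copy: content not readable"
cmp -s "$WORK/data.csv" "$WORK/received.csv" && echo "recipient with passphrase recovers the file"
```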

We want your feedback

Please email securemyresearch@iu.edu to report errors/omissions and send critiques, suggestions for improvements, new use cases/recipes, or any other positive or negative feedback you might have.  It will be your contribution to the Cookbook and appreciated by all who use it.
