Standards and Instructions for Data Encryption

Data encryption is a process of securing computer files by instituting safeguards that make the files unreadable to everyone except for the holder of the encryption key. Data encryption is required on all laptops owned by UTSA.

 
Why Encrypt UTSA-owned Laptops and Devices?
A UT System initiative requires all university-owned laptops be encrypted. Supporting information can be found in UT System policy UTS165, Information Resources Use and Security, and Security Practice Bulletin #1 (PDF).
If an unencrypted laptop or external storage device - is lost or stolen, the data could be exposed and cause harm to individuals and/or the university. The risk is increased if the device contains sensitive data. More information on how to encrypt a university-owned laptop can be found on the Encryption of UTSA Devices page.
 
What is “Sensitive Data”?
The UTSA Office of Information Security has developed the Data Classification Standard to help you determine the sensitivity of your data. While whole disk encryption is required for all laptops, encryption and passwords are recommended for all portable devices to ensure your data is secure.

Encryption for UTSA-owned Desktop Computers
In May 2013, UT System informed all member institutions that the next phase of the data encryption process will involve the encryption of all university-owned desktop computers, beginning with high-risk computers. At UTSA, staff members from the Office of Information Technology will meet with departments and colleges to identify high-risk computers. These computers will be encrypted by May 2014. More information will be provided as the encryption process proceeds.
 

Encryption for Personally-owned Computers
From UT System:
A personally owned computer must be encrypted if it contains any of the following types of University
information*:
 
  1. Information made confidential by federal or state law, regulation, or other legal agreement. This includes, but is not limited to, data protected by FERPA, HIPAA, the Texas Public Information Act, and the Texas breach reporting law (Business &Commerce Code Section 521.002(a)(2)). Examples: education records, patient medical treatment and payment records, Social Security Numbers, credit card numbers.
  2. Federal, state, university, or privately sponsored research that requires confidentiality or is deemed sensitive by the funding entity.
  3. Any other information which has been deemed by the UT System or a UT System institution as essential to the mission or operations of System to the extent that its integrity and security should be maintained at all times. 
* “University information” means all recorded information created or received by or on behalf of the University (or System) that documents activities in the conduct of state business or the use of public resources. This includes all information generated by a University employee in the course of performing his or her duties regardless of whether it was created and/or located on a personal device owned by the employee.
There are several free software solutions that can be used to encrypt personally-owned devices. More information is available on the Encryption for Personal Devices page.

Now Available: Encrypted Portable Devices
There may be occasions when you need to transport sensitive data. Because of the risk of exposure, this data must be encrypted. The UTSA Office of Information Security distributes encrypted flash drives for faculty and staff members who need a secure way to transport sensitive data. Find out more on the Encryption for Portable Devices page
.

Related Policies and Standards
 

<< Back