Encryption
Personal Responsibility
Legally, you are personally and fiscally responsible for any information disclosure from your computer or mobile devices, whether accidental or not. IRT Security is here to help you protect yourself: encryption is a one-time, necessary step you can take now to prevent trouble in the future. Stanford is now requiring all computers on its network to be encrypted. Read on for details, and use the quick links to get started.
Data Security Program
The Data Security Program at the School of Medicine oversees compliance with Stanford policy and federal law. The program will be conducting ongoing assessments of the devices and the kinds of data users work with. As of May 31, 2015, the SoM requires encryption of all devices used to access Stanford resources—whether they are owned by you personally or by the University.
Find out more about the Data Security Program, and read more about the security standards,: med.stanford.edu/datasecurity.
To check whether you and your devices are in compliance, visit amie.stanford.edu.
If you feel that, due to a specific circumstance, your computer or device cannot be successfully encrypted, read about how to apply for an exemption.
Data Classification: What Data Must Be Encrypted?
Stanford's new security initiatives require all computers accessing the Stanford network to be encrypted, so that all information at rest will automatically be encrypted. The three following classes of information must also be encrypted while in transit (via email, mobile device or portable drive.)
If you work remotely, you should encrypt your home computer as well. If your machine or device cannot be encrypted for technical reasons, then you cannot store Moderate or High Risk (previously prohibited or restricted) information on it, PERIOD.
As of May 2015, a new set of classifications has been established and is now in effect for Stanford data: High Risk, Moderate Risk, and Low Risk. The former framework - Prohibited, Restricted, Confidential, and Unrestricted - will be phased out by January 2016.
The following definitions are excerpted from Stanford IT Services' Risk Classifications page:
High Risk Data
(Previously "Prohibited")
Information is classified as “High Risk” if protection of the information is required by law/regulation; if Stanford is required to self-report to the government and/or provide notice to the individual if information is inappropriately accessed; or if loss or disclosure of the information would damage Stanford's safety, mission, finances or reputation. [High Risk data must be removed from your hard drive unless you have explicit permission from the Data Governance Board to have it on your system. High Risk data must be encrypted.]
Note: If a file which would otherwise be considered to be Moderate or Low Risk contains any element of High Risk Information, the entire file is considered to be High Risk Information.
Common types of High Risk Data include:
- Health Information, including Protected Health Information (PHI)
- Health Insurance policy ID numbers
- Social Security Numbers
- Credit card numbers
- Financial account numbers
- Export controlled information under U.S. laws
- Driver's license numbers
- Passport and visa numbers
- Donor contact information and non-public gift information
Moderate Risk Data
Previously "Restricted Information"
Information is classified as “Moderate Risk” if it is not considered "High Risk" and (i) the data is not generally available to the public, or (ii) the loss of confidentiality, integrity, or availability of the data or system could have a mildly adverse impact on our mission, safety, finances or reputation. [Moderate Risk data must be encrypted.]
Common types of Moderate Risk Data include:
- Unpublished research data (at data owner's discretion)
- Student records and admission applications
- Faculty/staff employment applications, personnel files, benefits, salary, birth date, personal contact information
- Non-public Stanford policies and policy manuals
- Non-public contracts
- Stanford internal memos and email, non-public reports, budgets, plans, financial info
- University and employee ID numbers
- Project/task/award (PTA) numbers
- Engineering, design and operational information regarding Stanford infrastructure
Low Risk Data
(Previously "Confidential Data")
Information is classified as “Confidential” if it is not considered Moderate or High Risk and (i) the data is intended for public disclosure, or (ii) the loss of confidentiality, integrity, or availability of the data or system would have no adverse impact on our mission, safety, finances or reputation.. [Low risk data is not legally required to be encrypted, but Stanford strongly recommends it.]
Common types of Low Risk Data include:
- Faculty/staff employment applications, personnel files, benefits information, salary, birth date, and personal contact informationResearch data (at data owner's discretion)
- SUNet IDs
- Information authorized to be available on or through Stanford's website without SUNet ID authentication
- Policy and procedure manuals designated by the owner as public
- Job postings
- University contact information not designated by the individual as "private" in StanfordYou
- Information in the public domain
- Publicly available campus maps
Getting Started With Encryption
There are instructions on the Data Security page that will walk you through the steps necessary to fulfill the School of Medicine's security requirements for each of your devices. Before you begin, however, being prepared ahead of time for the following steps may help you streamline the encryption process.
Preparing for Encryption: Backing Up
In case something goes wrong during the encryption process, you should back up your computer before running the SWDE installer.
The requirement to use CrashPlan has been suspended for now, but it is still strongly recommended as a secure, monitored, convenient, and free backup solution. Additionally, the SoM can assist you in restoring your information from CrashPlan, in the event of a hard drive crash or lost computer.
For instructions and help with installation, visit the Data Security Program's CrashPlan Guide.
Preparing for Encryption: Key/Password
For desktop and laptop computers, Stanford Whole Disk Encryption (SWDE) installer makes certain that your computer has all the necessary requirements, and then guides you through the activation of your computer's native encryption software (FileVault for Mac, and BitLocker for Windows).
(For mobile device encryption instructions, select your operating system: Apple/iOS or Android.)
Each time you access your system (on startup, after sleep/hibernation, etc), you use a "key" (password) to unlock your data. IF YOU CANNOT REMEMBER YOUR KEY, YOU WILL NOT BE ABLE TO ACCESS YOUR ENCRYPTED DATA.
In case of a forgotten key, it is likely that someone at ITS will be able to help you recover your data. However, we still recommend the following:
- Before you begin the encryption process, select a strong key or passphrase that you will use for the encryption. This will be the passphrase you will use every time you "unlock" your computer screen. Here are some hints for creating a strong passphrase. Do NOT use the same password as for your SUID.
- Write down the password and place it in a sealed envelope; store the sealed envelope in a secure location (e.g., a locked desk). THIS IS YOUR BACKUP IN CASE YOU EVER FORGET YOUR PASSWORD.
- When you install SWDE, which uses BitLocker or FileVault, you should do the same with the Recovery Key, a string of letters and numbers generated by the installer, and displayed on the screen, before proceeding with encryption: write it down and store it in a physically secure location. You will not need to use this key on a regular basis; it only serves as your backup, in case of a lost password. BigFix will store a copy with ITS automatically, as well.
- As with all passwords, do not share these with anyone.
Once you have selected your login password and backup method, you are ready to move on to the encryption process.