Close
Encryption helps keep data private by converting it to an unreadable format. Only people who have the encryption key are able to decrypt the data. Below are guidance documents on the use of encryption at UCL, some use cases, and guides for users who need to use encryption.
Guidance Documents
- Guidance on the Storage of Sensitive Data on Portable Devices and Media
- Guidance on Encryption of Email and Email Attachments
Use Cases
- I want to email confidential information
For example: CVs, application forms, scanned passports.
See section on email encryption.
If you want to share confidential information by email, remember to make sure that those you are sharing with know to send that confidential information back encrypted.
- I want to send confidential information from within an application I'm using
Firstly do you know how the application sends that information? You may want to do a risk assessment to help you decide if it's a good idea or not. If in doubt encrypt and send by email.
See section on email encryption.
- I want to store confidential information on a shared drive (N or S drive)
If you want to store confidential information on a shared drive such as the N drive or the S drive, encrypt the data first.
See section on document encryption.
- I want to store identifiable medical information
If you want to store identifiable medical information, consider using the Data Safe Haven: https://www.ucl.ac.uk/isd/services/file-storage-sharing/data-safe-haven-dsh
- I want to store confidential information in an application I'm developing
If you want to store confidential information in an application that you're developing, make sure you contact ISG for a risk assessment. If you decide to go ahead, don't forget to encrypt backups.
- I want to share a password for a file I've encrypted
If you need to share a password for a file you've encrypted, ensure that the password is sent using a different method to the method used to send the file.
If the file has not been sent by email then you can send it by email.
If the file has been sent by email you can use a phone call, or a text message.
- I want to share/store non-confidential information
If you want to share or store non-confidential information then you do not need to encrypt the information. Just make sure that the information really isn't confidential.