XClose

Information Security

Home
Menu

Encryption

Encryption is a process of encoding (sensitive, personal, confidential, highly confidential) data in such a way that only authorised parties can access it.  Only parties who have been issued with the encryption key are able to decrypt the data. 
Why is encryption important?

You may have read about incidents where personal data has been stolen, lost or subject to unauthorised access. In most cases, these were caused by data being inadequately protected or the devices the data was stored on being left in inappropriate places.

It is UCLs legal obligation to ensure that personal data is processed safely and securely. There are a number of ways to do this, encryption being one of them. You can encrypt your laptop (hard disk), individual documents and emails.

Properly applied encryption is an excellent way to protect confidential information. If you have taken reasonable steps to apply strong encryption, this is a very good way to demonstrate that you have attempted to apply appropriate security, should you need to explain or justify your actions.

What data should I encrypt and when?

Any personal data classed as "special category personal data" by the Data Protection Legislation. Any sensitive, confidential and highly confidential data, that is not in the public domain i.e financial and organisational internal affairs information.

  • Personal data in any quantity where its protection is justified because of the nature of the individuals, source of the information, or extent of the information.

To protect the confidentiality of UCL's information data should be encrypted when you send data via email (transfer), or storing data on UCL managed services (storage) (N and S drive, UCL OneDrive, UCL Sharepoint).

What should I do before transferring sensitive and personal data?

Ask yourself why “ Why are you sending personal data? Could this data be sent without the personal details? If you still need to send the personal data use one of the following options:

  1. E-mail: Encrypt the file using as explained below. Contact the recipient to tell them the password “ DO NOT INCLUDE THE PASSWORD IN THE EMAIL WITH THE FILE!
  2. Create a shared folder on the S:Drive where you can save the file and grant the recipient access to the folder, and notify them when the file is ready for collection.
  3. If this is going to be regular task, create a SharePoint site (http://www.ucl.ac.uk/isd/services/comms-collaborate/sharepoint). Restrict access to folders to the recipient only. Upload your file to the folder and notify the recipient that the file is ready for collection.
  4. Upload the file to UCL Onedrive. Share the link to the file with the recipient.

For external UCL transfers:

Where ever possible use a secure web interface to transfer the data You may upload the file to UCL OneDrive and share the link with the external recipient. You should encrypt the file and share the password separately If you have no other alternative, then encrypt the file using 7Zip and e-mail the file. DO NOT INCLUDE THE PASSWORD IN THE FILE TRANSFER. Contact the recipient and provide them with the password.

Guidance Documents: