Encryption at Pacific
Encryption protects data from unauthorized disclosure by encoding it with a password. You should always encrypt sensitive data, such as personally identifiable information or protected information, when there is risk that it will be lost or stolen. The University's Office of Information Technology strongly recommends the use of encryption for other sensitive or confidential information.
Pacific defines Confidential Information within the Information Technology Policies as:
Confidential Information is the strictest data classification used by the University and requires maximum control. Depending on the nature or contents of the Confidential Information, disclosure or alteration of this type of information could cause great harm to an employee, student or the University. Confidential Information requires safeguarding, either due to the requirements of law or because of the mandates of prudent and reasonable practices. Access to Confidential Information is limited to specifically authorized individuals of the University and denied to all others, unless and until directed by an officer of the University and upon advice of legal counsel of the University.
The University of the Pacific provides four options for faculty and staff seeking to encrypt data: encrypting with Microsoft Office, encrypting with special software that encrypts individual files, encrypting folders with special software and attaching them as a mapped network drive, and software that encrypts your entire computer. The first two options are acceptable for transmitting highly sensitive information via email.
Encrypting Individual Files
7Zip software for Windows also allows the encryption of individual files. Please note that 7Zip does not automatically encrypt files. Additionally, once encrypted these files will require the password for retrieval. If the password is ever forgotten, the data will be permanently lost. OIT only recommends individual file encryption for the transmission of files by electronic mail or similar means. For secure electronic file delivery, OIT provides the Accellion secure email attachment system. For more information on Accellion, please see the OIT FAQ Accellion pages. It is also possible to decrypt encrypted ZIP files on a Macintosh. Please see the OIT FAQ site for more information on how to use 7Zip.
At times it is necessary to send or transfer groups sensitive or confidential data files electronically. Truecrypt software can be used to create encrypted folders or file containers within Windows or Macintosh computers. Please see the OIT FAQ for more information. Additionally, Macintosh computers support their own encryption of personal folders. For more information on the native Macintosh encryption, please visit the Apple Support site. One important thing to keep in mind is that if the passwords used for encrypted folders are lost, the data is lost.
Encrypting USB Thumb Drives
When sensitive or confidential information needs to be transferred or stored on portable USB thumb drives, OIT strongly recommends the use of encryption for the protection of University data. Additionally, encryption may be required if working with protected information such as medical records or payment card data. OIT recommends the use of hardware-based encrypted USB thumb drives from IronKey. The Basic or Personel USB IronKey thumb drives are ideal and can be purchased from a number of online retailers. Truecrypt software can also be used to create encrypted USB thumb drives for use with Windows or Macintosh computers. Please see the OIT FAQ for more information.
Encrypting Your Entire Computer
Pacific offers software to encrypt entire disks for both Windows and Macintosh systems. OIT strongly recommends the use of this software on mobile computers that contain sensitive University information.
Encrypting your computer only protects the files stored on your hard drive and only during the time they are stored on that drive. If you copy files to CD, USB drive, or send them electronically, you must use individual file encryption option described below to protect them.
If you are using a Windows or Macintosh system, you may submit a request for computer encryption to the Customer Support Center (CSC) via the phone at 209.946.7400 or by email.
The following encryption algorithms are currently approved for use with Sensitive and Highly Sensitive University information:
- Advanced Encryption Standard (AES)
- Triple Data Encryption Standard (2DES) with three keys
- RSA (with at least 1024-bit key)
If you would like to consider another algorithm for approval, please contact the CSC on the Stockton campus at 209.946.7400 or by email.