Permanent link to this article
In the summer of 2006, Indiana passed a new law concerning data protection that makes "knowingly, intentionally, or recklessly" disclosing sensitive information (including social security number, credit card number, driver's license number, etc.) by a University employee a class D felony. The University strongly encourages everyone to purge any existing information of this type from their computers and to avoid using this data if possible.
If you are required to store sensitive data on a electronic device, you should protect yourself and the University by encrypting the data when it is not in use. Data stored in an unencrypted form can be read by an attacker or thief very easily. When that same data is encrypted using a key, only the person that knows the encryption passphrase will be able to decrypt the data.
The need to encrypt data extends to all means of storing data. This includes backups systems (tape drives, hard drives, etc.), data saved to another computer, data saved on a removable disk, and data burned to CD or DVD.
Because of their small size and portability, extra care needs to be taken with regards to mobile devices (notebook computers, PDAs, removable USB drives, and cell phones). These devices are very convenient to use, but that convenience comes with additional risk. The risk that this document addresses is that a notebook computer is more likely to be stolen, since it is carried around and sometimes left unattended. Therefore, sensitive data that is stored on your mobile device must be encrypted so any thief would not be able to decipher and read the sensitive data.
Keep in mind that the easiest and cheapest way to comply with this is to simply not store any sensitive data on your mobile device. A device with no sensitive data on it can be stolen with no risk of sensitive data disclosure. For example, you might only use remote desktop (or SSH) from your mobile device to connect to your secured desktop workstation, and keep all sensitive data on your workstation.
If you can not find an alternative to storing sensitive data on your device, here are some software programs you can use to encrypt that data while it is not in use.
Product Vendor Description Compatibility Price BitLocker Microsoft Encrypts entire hard drive Windows Vista Enterprise and Ultimate Free CompuSec CE Infosys Encrypts entire hard drive Windows and Linux Free Encryption Anywhere GuardianEdge Encrypts entire hard drive Windows $ PGP Desktop PGP Corporation Encrypts entire hard drive, secures e-mail, removable devices Windows and Mac $ SafeBoot Device Encryption™ for PC SafeBoot Encrypts entire hard drive, removable devices Windows $ PointSec Hard Disk Encryption PointSec Encrypts entire hard drive, removable devices Windows and Linux $ Utimaco SafeGuard Easy Utimaco Encrypts entire hard drive Windows XP/2000 $
Product Vendor Description Compatibility Price Data Vault Reflex Magnetics Virtual drive encryption and secure wipe Windows $ GNU Privacy Guard GnuPG Encrypt e-mail, files Windows, Unix, and Linux Free TrueCrypt TrueCrypt Foundation Secure files, folders, removable disks Windows and Linux Free Encrypting File System (EFS) Microsoft Windows Secure files and folders Windows Built into Microsoft Windows FileVault Mac OS X Encrypt home folder and files Mac Built into Mac OS X Mac GNU Privacy Guard Mac GnuPG Secure e-mail and files Mac Free
Product Vendor Description Compatibility Price Computrace Absolute Software Locates and recovers a lost or stolen PC Windows and Mac $