PII Storage and Encryption Guidelines

  • Any files containing sensitive Personally Identifiable Information (PII), including, but not limited to, Social Security numbers and health information, must be stored safely, preferably on a central UD service that uses encryption.
  • Files containing sensitive PII stored on centrally managed servers, departmental file servers, personal computers, or other departmentally managed devices or storage must be encrypted.
  • You must always re-encrypt a file if you've made any changes to it.
  • Delete unencrypted copies of a file after you've made an encrypted version.
  • AES Crypt, like some other encryption software, makes an unencrypted copy when you open an encrypted file. Delete the unencrypted copy when you are done viewing a file.
  • Remember the key (password) you used to encrypt your files. If the key gets lost, there is NO way for IT, or anyone, to decrypt files encrypted with AES Crypt. They will remain encrypted and inaccessible forever. (Click Encryption Key Management below for more information.)
  • Contact your department's or college's IT Professional or the IT Support Center if you require assistance while working with encrypted files.