Encrypting Personally Identifiable Information (PII)

To better protect the sensitive data that the University of Delaware collects, all computer files that contain confidential, sensitive, or high-risk information must be encrypted.

Encryption is a process whose goal is to make data usable only by those who are authorized to do so. When you encrypt a file you use a specific key to make a copy that is generally unreadable. The file can only be decoded using a matching decryption protocol and an appropriate decryption key. In essence, encryption is a form of digital lock that prevents anyone from accessing data without one of these keys. If a computer is stolen or used by someone without permission, encrypted files and folders will be inaccessible.


Guidelines

Learn more about the University of Delaware's PII guidelines:

PII Storage and Encryption                   

Encryption Key Management                  

  • Any files containing sensitive Personally Identifiable Information (PII), including, but not limited to, Social Security numbers and health information, must be stored safely, preferably on a central UD service that uses encryption.
  • Files containing sensitive PII stored on centrally managed servers, departmental file servers, personal computers, or other departmentally managed devices or storage must be encrypted.
  • You must always re-encrypt a file if you've made any changes to it.
  • Delete unencrypted copies of a file after you've made an encrypted version.
  • AES Crypt, like some other encryption software, makes an unencrypted copy when you open an encrypted file. Delete the unencrypted copy when you are done viewing a file.
  • Remember the key (password) you used to encrypt your files. If the key gets lost, there is NO way for IT, or anyone, to decrypt files encrypted with AES Crypt. They will remain encrypted and inaccessible forever. (Click Encryption Key Management below for more information.)
  • Contact your department's or college's IT Professional or the IT Support Center if you require assistance while working with encrypted files.
  • Work with your unit administrator to decide how you will select encryption keys. You will do one of the following:
    • If IT encrypted one or more of your files with AES Crypt, you can continue using the key IT provided.
    • If you choose to use your own key, you will need to choose a strong key that is impossible to guess. You are advised to use random letters, numbers, and symbols. Consider using a password generator to create a secure key.
  • Check with your unit administrator to understand how your unit will keep encryption keys secure and available for operational continuity. Your unit's encryption keys:
    • must be secured from loss, destruction, unauthorized access or modification at the same level as the data they protect
    • must not be stored or sent in clear text that identifies them as encryption keys or that identifies the file(s) they protect.
  • When sharing an encrypted file, send the key using a different communication channel from the one used to send or share the encrypted file. For example, do not send the key in the same e-mail message that contains a link to the encrypted file or that includes the encrypted file as an attachment. Instead, communicate the key using a separate e-mail, a phone call, or an in-person meeting.
  • Remember the key (password) you used to encrypt your files. If the key gets lost, there is NO way for IT, or anyone, to decrypt files encyrpted with AES Crypt. They will remain encrypted and inaccessible forever.
Encryption Tools

There are several ways to encrypt files containing PII. IT uses AES Crypt to encrypt files containing Social Security Numbers (SSNs) found during routine scans of University servers. If you see a file with the ".aes" file extension, it has been encrypted. To receive the password to decrypt the file, you must contact the IT Support Center


In addition to AES Crypt, both Windows and Mac operating systems have built-in encryption functionality. Microsoft Office for both Windows and Mac also has built-in encryption specifically for Office documents. 

AES Crypt
Windows Mac and Linux
We have published directions for installing and using AES Crypt on Windows computers. If you require assistance using AES Crypt on a Macintosh or Linux system, check with your department's IT professional or contact the IT Support Center.
Built-In Native Encryption
Windows Mac
Native encryption for Windows allows you to encrypt folders or individual files. Native encryption for Mac allows you to encrypt folders by converting them into disk images.
Microsoft Office Encryption
Office for Windows Office for Mac
Microsoft Office's built-in encryption allows you to directly and easily encrypt Office files from within their respective applications (Word, Powerpoint, Excel). The encryption is automatically updated with each save, which helps streamline your workflow while maintaining PII security.