Information Technology Division
Computing & Communications Center

Encryption of Sensitive Information Standard

Purpose

The purpose is to reduce the risk of a data exposure attributed to a WPI breach.

Background

Encrypting sensitive information increases overall information security, mitigates some financial risk and meets compliance guidelines for state and federal regulations. By reducing the risk of a breach we reduce an individualís risk of data exposure which could expose one to identify theft. WPIís financial risk is also reduced by not having security breaches which could result in adverse negative publicity, adversely impact WPIís competitive advantage, and break non-disclosure & other legal agreements.

Data encryption has become a standard by the Commonwealth of Massachusetts Consumer and Business Regulation Division to protect personally identifiable information.

NOTE: This is an interim guideline pending a more complete solution made available and deployed by the WPI Information Technology Division. Followers of this guideline should expect other additional solutions will be made available.

Scope

The scope includes portable devices storing sensitive information. Portable devices include, but are not limited to, the following equipment.

Standard

Questions and Help

For assistance, contact the Information Security Office at itsecurity@wpi.edu. They will also assist with the necessary technology to comply with this standard.


Revision:

December 2, 2008: The Information Technology Division endorsed this guideline.

October 2, 2009: The Information Technology Division added Cell phones and PDAs, and based on the MA Privacy Legislation, changed this from a guideline to a standard.

Archive

Encryption of Sensitive Information Standard - 10/09
Maintained by itweb
Last modified: Oct 13, 2009, 16:48 EDT
[WPI] [CCC] [Top]