Encryption

What is encryption?

Encryption is a process that turns the information stored on your device into unintelligible text characters that cannot be deciphered and read without the decryption key. An encrypted device will not convert its encrypted information back into plaintext unless the user provides the correct password. 

However, encryption is not the same as password protection. Passwords can be broken or bypassed, and hard drives can be stolen. If the hard drive of a compromised device is unencrypted, the information stored on it can be read by those with less than honourable intent. 

Encryption takes your security one step further by actually converting the information stored on your hard drive into unintelligible text. Encryption ensures that if someone does break or bypass your password, the information on your computer cannot be read. 

Why is encryption important?

As a member of the UAlberta community, your devices contain sensitive information about the University, its students, its professors, its employees, and/or its research. This data is a target for hackers and identity thieves, and passwords are not enough to keep it safe.

A study by Kensington, a security industry organization, reveals:

  • One laptop is stolen every 53 seconds.
  • 70 million smartphones are lost each year, with only 7 percent recovered.
  • 80 percent of the cost of a lost laptop is from data breach.
  • 52 percent of devices are stolen from the office/workplace, and 24 percent from conferences.

These statistics inform how we must deploy cyber security. Encryption ensures that if someone takes your device, they cannot read the information on it. 

What types of devices need to be encrypted?

Any mobile or portable personal, external, or University-owned device that contains University information must be encrypted. This includes laptops, mobile phones, tablets, and USB flash drives. Servers and desktop computers storing sensitive information must also be encrypted. Encrypting these devices is in accordance with standards developed by the Office of the Associate Vice-President & Chief Information Officer. 

Who needs to encrypt?

The short answer: everyone. Encryption protects your files, photos, accounts, and information. If you have anything on your device intended for your eyes only, then encrypt it.

Members of the UAlberta community have an extra responsibility to encrypt because their devices may contain confidential University information. Failing to encrypt a device containing University-sensitive information can:

  • damage the University's reputation;
  • endanger the people whose personal information is compromised;
  • result in investigation and penalty from privacy and legislative bodies.

By encrypting your device, you are ensuring that you are doing all you can to protect the University and its people. 

What sort of information can encryption protect?

Encryption protects any information stored on your device and/or your device's hard drive, and it is especially important for protecting sensitive information.

According to the University's Information Access and Privacy Office, sensitive or confidential information is defined as all information that has been collected or compiled in the conduct of operating the programs and services of the University, and may include:

  • personal information about an individual as defined in the Alberta Freedom of Information and Protection of Privacy Act (including personal financial, social insurance, work history, and contact information);
  • health information as defined in the Alberta Health Information Act;
  • confidential business information of third parties;
  • confidential information collected or compiled in the process of hiring or evaluating employees of the University;
  • information collected or compiled in the process of law enforcement investigations;
  • advice, proposals or recommendations, consultations or deliberations of the governing and administrative authorities of the University;
  • information, the disclosure of which would harm the economic interests of the University;
  • any information to which legal privilege, including client-solicitor privilege, may apply.