Store personal identifiable data on centrally managed systems
If you store data on centrally managed systems, the data will be physically stored in secure data centres. It will be stored on reliable disks, with security measures in place on the server systems.
University-wide applications like CHRIS, CamSIS, X5 and CUFS are all centrally managed. You can use these for storage of personal data (in line with each system’s procedures). The Electronic Document Management System (EDMS) is also used in some departments and divisions.
The University also has centrally managed, general-purpose storage systems. Find out more about data and file storage services.
Encrypt devices used to store data
If you store personal data on portable systems or devices, the device should be fully encrypted
On a laptop or tablet, turn on full-disk encryption, if it is not already. (See How to check if my laptop is encrypted.)
Full-disk encryption relies on you using a password, PIN or smart card to log into your device. For some tablets and phones, you can make this easier by linking it to a fingerprint, iris scan or face recognition.
If you write down the password or PIN, it must be kept entirely separate from the device.
- Android: There many different types of Android running on different kinds of hardware. Not all of these provide reliable encryption. Storing personal data on an Android device is not recommended, even if the Android device claims to be encrypted.
- iOS: All versions of iOS since iOS 3 use disk encryption, provided you’ve set up a passcode for your iPhone or iPad.
- Linux: Linux has several disk encryption options, depending on the hardware and software you use. If set up correctly, Linux full-disk encryption provides strong protection, but the setup process can be demanding. Check with your local IT support team or Computer Officer.
- Mac: FileVault disk encryption is available on some editions of MacOS X (10.7 Lion and later). Earlier versions of MacOS had FileVault, but based on different encryption technology. It is not recommended as a good way to protect the data on your computer.
- Windows: BitLocker disk encryption is available on some editions of Windows. This includes Windows for tablets and smartphones. Check with your local IT support team.
When you turn on device encryption, you may be given a 'recovery key' or asked to set up a recovery account, like an Apple ID. Keep these safe. You will need them to get back into your device if you forget your normal password or if something goes wrong with the device hardware.
Encrypt data when sending by email
If you need to send data by email, encrypt it first and send the key to the recipient separately, and not by email.
To turn a file or set of files into an encrypted archive for emailing, you’ll need some software on your computer to create the encrypted archive. The following are good options:
If you don’t have one of these utilities installed, or you need help using any of them, you should seek advice from your local IT support.
When you create the encrypted archive, choose the 7z format for the archive, and turn on encryption by specifying a password. The password should be a random jumble of characters and numbers. It will only be needed when the recipient opens the encrypted archive so no-one will need to remember it. You can get a random password in your web browser from www.random.org.
Email the encrypted archive to your recipient. Do not email the password to them. Send them the password via some other way, such as text message, WhatsApp message, calling them or even posting the password to them.