Encrypt Stored Data

See the Device Encryption Standard in the University's Information Security policy for specific requirements that you must follow. Practice Safe Computing has information about encryption on its Enable Security Features on Your Device and Use Your Device Securely pages.

Select an Encryption Product

Built into the Operating System

| Operating System | Product | Website | Notes |
|---|---|---|---|
| Macintosh | FileVault | https://support.apple.com/en-us/HT204837 | Full disk and folder encryption for Mac OS X or macOS. Note: Company administrators can set up a computer-wide master password as a safeguard in the event someone forgets their login password. |
| Unix | LUKS | https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup | Full disk and folder encryption for various Linux versions (e.g., RedHat, Fedora, CentOS, Debian, Ubuntu, and more) |
| Windows | BitLocker | https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-overview | Full disk encryption for OS version 7 and higher |

Other Tools

When using vendor or open-source software, download the software from a reputable site and periodically check the vendor web site for security patches or updates that must be applied. 

Note: Encryption of HIPAA data or ePHI requires a FIPS 140-2 certified application.

| Products | Options | Website | Notes |
|---|---|---|---|
| Box Secure Storage | University provided | https://it.umn.edu/technology/box-secure-storage | Recommended for any user. Meets encryption of HIPAA data or ePHI requirement as 140-2 certified application. |
| 7-Zip | University provided | http://www.7-zip.org/ | Available for University computers via SCCM |
| Kingston DataTraveler Locker - USB Flash Drive | Purchase | http://www.kingston.com/us/usb/encrypted_security | Check that the USB drive supports the level of encryption needed for the type of data stored. |
| GNU Privacy Guard (open source version of PGP) | Free | https://www.gnupg.org/ | File and folder encryption. With the Windows Privacy Tray for GnuPG, this allows for easy encryption, decryption and file shredding options. See http://www.gpg4win.org/. More complex solution. |
| PGP commercial | Purchase | http://www.pgp.com/products/desktop/index.html | File, folder, whole disk or virtual disk encryption. Includes a feature to securely wipe or shred individual files. More complex solution. |

Important Reminders

  • Read about the encryption product. Understand how to configure the software, where to store the keys and what is encrypted. Many products do NOT encrypt the files when they are emailed or saved to external media.
  • Encryption of HIPAA data or ePHI requires a FIPS 140-2 certified application.
  • Download encryption software from reputable company Web sites. Some vendor encryption products have been known to install a backdoor for hackers, adware, spyware or viruses.
  • Check the vendor web site for security patches or updates that must be applied.
  • Periodically check that the encryption feature on the device is still enabled, especially before saving private data on the device.
  • Encryption is dependent on using a strong password (or passphrase), protecting the password (or passphrase), and using a screen lock with authentication.
  • Encryption generally works on data at rest. When the system is unlocked, the encryption feature is generally not activated.
  • All encrypted data can be permanently lost if you forget the encryption password (or passphrase). If you decide to save it, the decryption key should be locked in a safe location.
  • Do not decrypt a file and store it in a temporary file someplace. If this occurs, be sure to securely wipe/erase the temporary file from disk.
  • Consider setting up a secure folder or disk partition on the computer for storing private data.