Data Encryption FAQ: Overview
- What is encryption?
- Which computers will be included in our encryption program?
- Who will install encryption software on my computer?
- What change will I see after encryption software is installed?
- Will I see encryption happening?
- Will encryption change how I use applications?
- Can I use encrypted media on my home PC?
- Do I access encrypted media the same way on any PC?
- What if I need encryption software removed?
- May I take my encrypted laptop when traveling internationally?
What is encryption?
Encryption is a method of protecting data by converting it to a format that is unreadable by anyone except those with a special key. If sensitive or confidential information is exposed to unauthorized individuals, it is costly for both the University and for anyone whose identity may be stolen as a result of unauthorized access. Encryption plays a key role in our overall strategy for reducing this risk.
While using your computer, encryption software is as invisible as antivirus software. The technology has come a long way to ensure that you are not slowed down nor affected by its presence as you work. The peace of mind that your data is protected is well worth the twenty minutes it takes to install it!
Which computers will be included in our encryption program?
We require all desktops and portable computers to be encrypted.
Who will install encryption software on my computer?
A UCI Health Information Services representative must install the encryption software on your computer. Contact your local department support representative or service desk at 714-456-3333 to request additional information.
What change will I see after encryption software is installed?
After encryption software has been installed, you will log into your computer with your UCINetID and password as before.
A new icon labeled "Dell Data Protection Encryption" will be present in your Notification Area on your Desktop.
(see Figure 1)
Will I see encryption happening?
No. Encryption is transparent and automatic. As soon as a new file is opened for creation or copied to your computer, the encryption process begins.
You may view the "status" of your encrypted computer by right-clicking on the "Dell Data Protection Encryption" notification icon (see Figure 1) and select "Open Dell Data Protection Encryption" from the menu options. (see Figure 2)
This will launch the DDPE User console. (see Figure 3) . The DDPE console provides information such as whether or not a storage device has been encrypted or described as "in compliance". (see figure 3)
NOTE - Users that have requested External Media Shield (EMS) enabled please refer to "Removable Media Encryption – The Basics" section below.
Will encryption change how I use applications?
No. Applications won't even notice the encryption process because it's done automatically in memory.
Can I use encrypted media on my home PC?
Yes. Policies and encryption keys travel with the media so you can access encrypted data via any Windows computer, even your home system that is not protected by encryption software.
Do I access encrypted media the same way on any PC?
No. There is one process for accessing that media from a protected UC Irvine Medical Center PC and a slightly different process for accessing it from another PC that is not running encryption software. Specific workflows are described later in this FAQ.
What if I need encryption software removed?
If a machine needs to be un-encrypted, please contact your local department support representative or service desk at 714-456-7721 who will ensure the encryption removal is done properly according to standard procedures.
May I take my encrypted laptop when traveling internationally?
The Dell/Credant encryption solution we have selected for UC Irvine Medical Center has been granted exception with the U.S. Department of Commerce, this exception allows us to transport or ship a University-owned or personally-owned computer that has Dell encryption products installed to any country as long as the computer remains under our effective control, EXCEPT for the following countries defined in the U.S. Department of Commerce’s Export Administration Regulations:
3. North Korea,
4. Sudan, and
In addition, there are some countries that do not recognize our U.S. exemption. Before traveling to these countries with an encrypted laptop, you will need to apply to their specified governmental agency for an import license: (failure to do this could mean confiscation of the laptop or worse for the traveler).
1. Belarus - a license issued by the Belarus Ministry of Foreign Affairs or the State Center for Information Security of the Security Council is required.
2. Burma (Myanmar) - a license is required, but licensing regime documentation is unavailable. Contact the US State Department for further information.
3. China - a permit issued by the Beijing Office of State Encryption Administrative Bureau is required. You can either apply for the permit on your own, or contact our McAfee or Dell/Credant authorized distributor.
4. Hungary - an International Import Certificate is required. Contact the US State Department for further information.
5. Iran - a license issued by Iran's Supreme Council for Cultural Revolution is required.
6. Israel - a license from the Director-General of the Ministry of Defense is required. For information regarding applicable laws, policies and forms, please visit the following website: http://www.mod.gov.il/pages/encryption/preface.asp.
7. Kazakhstan - a license issued by Kazakhstan's Licensing Commission of the Committee of National Security is required.
8. Moldova - a license issued by Moldova's Ministry of National Security is required
9. Morocco - a license is required, but licensing regime documentation is unavailable. Contact the US State Department for further information.
10. *Russia - licenses issued by both the Federal Security Service (Federal'naya Sluzhba Bezopasnosti - "FSB") and the Ministry of Economic Development and Trade are required. License applications should be submitted by an entity officially registered in Russia. This would normally be the company that is seeking to bring an encryption product into Russia.
11. Saudi Arabia - it has been reported that the use of encryption is generally banned, but research has provided inconsistent information. Contact the US State Department for further information.
12. Tunisia - a license isued by Tunisia's National Agency for Electronic Certification (ANCE) is required.
13. *Ukraine - a license issued by the Department of Special Telecommunication Systems and Protection of Information of the Security Service of Ukraine (SBU) is required.