Encryption at UMass Lowell: Safeguarding Confidential Data

Members of the university community may work with various types of data that require protection under university policies, system-wide standards, and legal or contractual obligations. Ensuring data security is vital to comply with privacy regulations, protect our reputation, and minimize the risk of costly incidents.

Examples of sensitive data that must be safeguarded include:


The Role of Encryption

To protect sensitive data, UMass Lowell IT configures university-provisioned computers with encryption-at-rest as a standard best practice. Encryption-at-rest renders data stored on a device unreadable without proper authorization. Encryption safeguards data by preventing unauthorized access in the event a device is lost or stolen. This additional layer of security helps minimize risk of data exposure.

It’s important to note that encryption is just part of the data protection picture. It is better to keep data within the university’s secure application systems. When a local copy is necessary, using a backed up, access-controlled UML OneDrive location provides for better security and recoverability than storing files on a laptop or other portable device drive. Whenever sensitive information is involved, best practice is to limit access to just those workforce members who require it for their job responsibilities and to use only the minimum necessary data for the work at hand. Don’t share a large file with many records or data elements if the need is only for a specific record or data element.


Encryption on Other Devices

  • Smartphones and tablets: When configuring a device to access UMass Lowell email, faculty and staff must enable a passcode to activate native device encryption.
  • Other equipment: Faculty and staff who work with sensitive data on non-standard university devices should open a ticket with IT Security to explore encryption options.

Protecting University Data

For more information about what types of data must be safeguarded and how to protect it, refer to the following university policies and resources: