Laptop Encryption & Backup

On March 1, 2010, Massachusetts Identity Theft legislation will require securing portable electronic devices which have personally identifiable information (PII) on them.  The law is specifically written to protect information such as Social Security Numbers and bank or credit card information, although colleges like Williams also are required to meet FERPA and HIPAA regulations (which covers things like student grades and health information).

The two common ways to protect information are to make it unavailable to a thief (don’t carry personal information around on your laptop) or to encrypt the information (so that even if the laptop is stolen, the data is unreadable).

Since it is difficult, if not impossible, to guarantee that no personal information exists on a laptop, or in the email of a laptop owner, Williams is choosing to encrypt laptop hard drives, starting with departments who commonly work with personal information.

Laptop data will be safe, even if the machine is stolen.


The program we have chosen is called TrueCrypt, which allows for full disk encryption of Windows laptops, meaning every piece of information on the laptop is encrypted, including the operating system and programs.  This saves the owner from having to worry about saving personal information files into a special encryption folder.   We are currently looking at Mac encryption options.

Since the whole idea behind encryption is that it requires a password to unlock, there is a danger that if an owner forgot their password, then the data on the drive would become inaccessible. Also, any problem with a laptop drive, like corruption due to a jolt or fall, would prevent data recovery specialists from retrieving any data.  Due to these risks, OIT is also implementing a full network backup system for any laptops which are encrypted.

Laptops are not the only devices to be concerned about – USB thumb drives and smartphones may also need to have security measures added to them.

If you have any questions about personal information security, we encourage you to attend one of the monthly OIT workshops.

If you work in a department that handles personal information, and you have a laptop, OIT will contact you to set up a schedule for implementing the encryption and network backup before March.

Comments are closed.