Institutional Encryption Requirements
When data is encrypted:

1. It must be reasonably encrypted to ensure confidentiality and integrity
2. It must be available even in the event the encryption key is lost, stolen or otherwise unavailable

Confidentiality & Integrity

- “Standards” for encryption
- Defining due diligence for UCLA
- No rot-13!

Availability

- Types of data of concern
- Things to consider
- How to approach

Availability: Of what data?

- Records subject to a California Public Records Act request, including email not falling under incidental personal use
- Administrative book of record data required by applicable law and policy
- Transient book of record data, e.g., original data created on a laptop that is book of record until it is transferred to a main database
- Data under a legal obligation, such as:
  - Non-book of record data (i.e., copies) that the University is under legal obligation to segregate, such as copies of data under a duty to preserve (e-discovery)
  - Research data subject to a contracts and grants requirement
- Data whose unavailability will cause some other institutional impact (e.g., information relevant to a patent dispute)

Availability: Things to consider 1

- Availability is not a new requirement!
- It is driven by many legal obligations, including the California Public Records Act that speaks to transparency and accountability of public institutions.

Availability: Things to consider 2

- Privacy and cultural concerns
- Intertwining with non-consensual access protocol
- Native encryption in applications / databases
- Native encryption of laptops
- Trend toward ubiquitous native hard disk encryption

Availability: How to approach

- Encryption key management