Overall System Status:
By law: on any portable device (e.g., laptop, netbook, tablet, smartphone), or removable media (e.g., CD, thumb drive, portable disc drives), or any desktop computer or server that is NOT secured within a Dartmouth data center containing Protected Health Information, or Personally Identifiable Information (name + SSN or driver's license#, or gov't issued ID#, or bank/credit card#). PHI and PII are NOT required to be encrypted when protected by other secure means within a locked data center. PII and PHI Data in transit, including email: must be encrypted when in transit outside the Dartmouth network (including Dartmouth wireless).
By Dartmouth policy: same as above, PLUS any portable device or media containing confidential information (defined as Level 2 or 3 data under DISC policy).
1. For laptop, desktop, and some unprotected servers, as well as portable disc and removable media: PGP whole disc encryption, available from Computing Services
2. For data in transit, SSL or other communications encryption solutions, available from Computing Services
3. For email in transit outside Dartmouth, or within Dartmouth if necessary: Microsoft Forefront (not yet deployed). In the interim, place content in Word or PDF file and simply password protect the file and attach it to the message. Share the password with the recipient via separate communication.
Last Updated: 10/17/12