Information Protection and Security

Encryption software protects data-at-rest (DAR). Laptops and other mobile devices with critical data may be lost or stolen, compromising the data. In the event of a data breach involving Social Security Numbers, credit cards and the like -- collectively termed Non-Public Personal Information (NPPI) -- the New Jersey Identity Theft Prevention Act requires Rutgers to send notifications warning of the possibility of identity theft. An incident may also open the university to adverse publicity. However, if the lost data is encrypted, the law excuses the institution from the notification obligation. The overall goal of data-at-rest encryption is the mitigation of risks associated with data breaches. Several web sites provide historical information about data breaches; two sites are mentioned below.