Data at Rest (DAR) Encryption

Encryption software protects data-at-rest (DAR). Laptops and other mobile devices with critical data may be lost or stolen, compromising the data. In the event of a data breach involving Social Security Numbers, credit cards and the like -- collectively termed Non-Public Personal Information (NPPI) -- the New Jersey Identity Theft Prevention Act requires Rutgers to send notifications warning of the possibility of identity theft. An incident may also open the university to adverse publicity. However, if the lost data is encrypted, the law excuses the institution from the notification obligation. The overall goal of data-at-rest encryption is the mitigation of risks associated with data breaches. Several web sites provide historical information about data breaches; two sites are mentioned below.

Encryption Product Purchased by OIT — last modified 2008-07-08 14:42

OIT purchased McAfee Endpoint Encryption product (formerly Safeboot Encryption) for use within the University. There is no charge to university departments for the software. Contact safeboot-support@ess.rutgers.edu for futher information.

Deployment of Data at Rest Software — last modified 2008-07-08 14:44

Implementation document listing the milestones in the implementation of DAR encryption. General rollout begins in the first quarter of FY2009.

Historical Information on Data Breaches — last modified 2008-07-08 14:30

Information about data breaches that have already taken place -- to indicate that it *can* happen here.

Other Free Encryption Solutions — last modified 2008-07-08 14:43

McAfee Endpoint Encryption is presently available for the Windows environment. However, other possibilities are also available.