Services
Printer-friendly version

Desktop Encryption

Announcement: PGP Encryption is not certified for use on MAC OS X 10.7 or higher.

Those who are required to utilize desktop encryption software may now use FileVault 2 instead ofPGP to meet the policy requirement. In addition to a significant performance booster, FileVault2 comes built-in with current Mac OS and is secure and easy to use. Please contact the ITS Help Desk at 203-432-9000 or your local support provider for assistance with migrating from PGP to FileVault 2 or to set up desktop encryption on a new machineThe ITS whole disk encryption service is designed to provide an additional layer of security for your data. It is highly recommended for those who must store  on laptops or desktops. Data encryption software essentially "locks down" your hard drive, making it the data accessible only to you and those you authorize. The disk encryption, in conjunction with logon and screen saver passwords, protects Yale University data if the computer is lost or stolen. It does not protect data once the user boots the encrypted device.

The ITS whole disk encryption service is designed to provide an additional layer of security for your data. It is highly recommended for those who must store sensitive data on laptops or desktops. Data encryption software essentially "locks down" your hard drive, making it the data accessible only to you and those you authorize. The disk encryption, in conjunction with logon and screen saver passwords, protects Yale University data if the computer is lost or stolen. It does not protect data once the user boots the encrypted device.

Do I need desktop encryption?

Not everyone who has sensitive data should install desktop encryption software. Identify records with confidential numeric data by scanning with data scanning software.

The first step is knowing what data you have, and what levels of protection are required to keep the data safe.

Guidelines for Handling Confidential Information:

  1. Delete 
    Securely delete the files you do not need and that you do not have a legal obligation to preserve. 
  2. De-identify 
    De-identify Protected Health Information (PHI) covered by HIPAA (Health Insurance Portability and Accountability Act): If you do not need any of the 18 identifiers specified in the HIPAA Privacy Rule, your records/data can be 'de-identified' and will no longer constitute PHI. See Yale University HIPAA policy 5039 De-Identification Checklist [PDF].
  3. Encrypt
    If you believe that you must retain files with the confidential information in place, you must obtain permission to do so from your supervisor. Examples of information include Social Security numbers, credit card numbers, trade secrets, protected health information, disciplinary records, grades for assignments and courses, salary records, and tax records. Get explicit approval from your supervisor before considering any data encryption procedure.

Who can use it?

All faculty, staff, trainees, students and others in Yale’s HIPAA Covered Components are required to utilize this software.

Faculty and staff who have an Intel Macintosh or PC Yale owned computer that meet the current ITS standards [PDF]are eligible.

  • Devices should meet current ITS standards [PDF]
  • Prior to installing desktop encryption you must have an active backup account.
  • Desktop encryption is for any device that accesses or stores for ePHI per Yale’s HIPAA policies.
  • UNIX & LINUX operating systems are not supported.
  • Desktop encryption is not supported on MAC OS X Server.

How much does it cost?

Visit the ITS Rates Page.

How do I get it?

Where can I get help?

Support will be provided under your current support agreement.

If you have any questions, contact the ITS Help Desk at 203-432-9000 or email helpdesk@yale.edu or your local support person.

FAQs and other resources

Whole disk encryption service – FAQ

Importing and exporting PGP keys - Windows (PDF)

Importing and exporting PGP keys - Macintosh (PDF)

Adding or removing a user (PDF)

How to use your existing PGP keys on a new or additional computer (PDF)

Logging in to a PGP Whole Disk Encrypted Device (PDF)

How to create Zip encrypted archives (PDF)

Application compatibility

Certain programs are incompatible with the PGP Whole Disk Encryption feature; do not install these products on a system with PGP Desktop, and do not install PGP Desktop on a system with these products installed.

Related policies and procedures

Windows SpecificMac specific 
Windows User Guides (for PGP Version 10.0 - 10.1) Mac User Guides (for PGP version 10.0 - 10.1) 
Windows Quickstart Guides (for PGP version 10.0 - 10.1) Mac OS X Quickstart Guides (for PGP version 10.0 - 10.1) 
Windows User Guides (for PGP Version 10.2)Mac User Guides (for PGP version 10.2)
Windows Quickstart Guides (for PGP version 10.2)Mac Quickstart Guides (for PGP version 10.2)
How to create virtual disks using WindowsHow to create virtual disks using Mac
How to encrypt an individual file using WindowsHow to encrypt an individual file on a Mac
Using PGP Shred on WindowsUsing PGP Shred on Mac
 Guide for updating Apple computers running PGP whole disk encryption

Desktop Encryption

Service manager: 
Bryan Kazdan
Icon class: 
icon-lock
Short description: 

The ITS whole disk encryption service is designed to provide an additional layer of security for your data.

Announcement: PGP Encryption is not certified for use on MAC OS X 10.7 or higher.

Those who are required to utilize desktop encryption software may now use FileVault 2 instead ofPGP to meet the policy requirement. In addition to a significant performance booster, FileVault2 comes built-in with current Mac OS and is secure and easy to use. Please contact the ITS Help Desk at 203-432-9000 or your local support provider for assistance with migrating from PGP to FileVault 2 or to set up desktop encryption on a new machineThe ITS whole disk encryption service is designed to provide an additional layer of security for your data. It is highly recommended for those who must store  on laptops or desktops. Data encryption software essentially "locks down" your hard drive, making it the data accessible only to you and those you authorize. The disk encryption, in conjunction with logon and screen saver passwords, protects Yale University data if the computer is lost or stolen. It does not protect data once the user boots the encrypted device.

The ITS whole disk encryption service is designed to provide an additional layer of security for your data. It is highly recommended for those who must store sensitive data on laptops or desktops. Data encryption software essentially "locks down" your hard drive, making it the data accessible only to you and those you authorize. The disk encryption, in conjunction with logon and screen saver passwords, protects Yale University data if the computer is lost or stolen. It does not protect data once the user boots the encrypted device.

Do I need desktop encryption?

Not everyone who has sensitive data should install desktop encryption software. Identify records with confidential numeric data by scanning with data scanning software.

The first step is knowing what data you have, and what levels of protection are required to keep the data safe.

Guidelines for Handling Confidential Information:

  1. Delete 
    Securely delete the files you do not need and that you do not have a legal obligation to preserve. 
  2. De-identify 
    De-identify Protected Health Information (PHI) covered by HIPAA (Health Insurance Portability and Accountability Act): If you do not need any of the 18 identifiers specified in the HIPAA Privacy Rule, your records/data can be 'de-identified' and will no longer constitute PHI. See Yale University HIPAA policy 5039 De-Identification Checklist [PDF].
  3. Encrypt
    If you believe that you must retain files with the confidential information in place, you must obtain permission to do so from your supervisor. Examples of information include Social Security numbers, credit card numbers, trade secrets, protected health information, disciplinary records, grades for assignments and courses, salary records, and tax records. Get explicit approval from your supervisor before considering any data encryption procedure.
Who can use it?: 

All faculty, staff, trainees, students and others in Yale’s HIPAA Covered Components are required to utilize this software.

Faculty and staff who have an Intel Macintosh or PC Yale owned computer that meet the current ITS standards [PDF]are eligible.

  • Devices should meet current ITS standards [PDF]
  • Prior to installing desktop encryption you must have an active backup account.
  • Desktop encryption is for any device that accesses or stores for ePHI per Yale’s HIPAA policies.
  • UNIX & LINUX operating systems are not supported.
  • Desktop encryption is not supported on MAC OS X Server.
How much does it cost?: 

Visit the ITS Rates Page.

How do I get it?: 
Where can I get help?: 

Support will be provided under your current support agreement.

If you have any questions, contact the ITS Help Desk at 203-432-9000 or email helpdesk@yale.edu or your local support person.

FAQs and other resources: 

Whole disk encryption service – FAQ

Importing and exporting PGP keys - Windows (PDF)

Importing and exporting PGP keys - Macintosh (PDF)

Adding or removing a user (PDF)

How to use your existing PGP keys on a new or additional computer (PDF)

Logging in to a PGP Whole Disk Encrypted Device (PDF)

How to create Zip encrypted archives (PDF)

Application compatibility

Certain programs are incompatible with the PGP Whole Disk Encryption feature; do not install these products on a system with PGP Desktop, and do not install PGP Desktop on a system with these products installed.

3-lock data compliant: 
no