Back to November 2012 Newsletter

(Encrypting Data on Mobile Devices)

by Dave Smallen

In a 2010 study, 46 percent of the lost laptops contained confidential data, only 30 percent of those systems were encrypted, and only 10 percent had other anti-theft technologies. (The Billion Dollar Lost Laptop Study, Ponemon Institute and Intel Corp., December 2010).

As the world of computing becomes increasingly mobile, the risks of compromising institutionally-maintained data become more substantial. Laptop computers, smartphones and USB stick drives are common mobile devices used to store information.  These devices are convenient, providing access to data wherever we are located.  Unfortunately, the convenience can increase institutional risk.

By New York State Law, Hamilton College is required to notify any individuals whose confidential information has been compromised (e.g., social security or credit card numbers). For example, if an employee of Hamilton College downloads confidential information about students from our administrative system to his/her laptop computer, or enters it him/herself, and then has his/her laptop stolen, the College is responsible for notifying each of the affected individuals. In addition, the College must notify the Attorney General and the Consumer Protection Board for any resident of New York State.  Likely, Hamilton will also have to provide identity theft insurance to these individuals for some period of time. At large institutions this has resulted in costs of over $100,000 per incident, not to mention a hit on their institutional reputations.

Most of the risk can be eliminated by encrypting the data that is put on these devices. Encryption is a process of converting electronic data into a format that cannot be easily understood by unauthorized people. Without getting into details, special software is used to convert the data and special passwords are needed to make the data readable again (the title of this article was encrypted - the translation is in parentheses).  By encrypting all the information on a mobile device we minimize the risk of the data being used by whoever stole the device (most devices are actually stolen to sell, not for the data on them.  However, the requirements of the laws don’t make that distinction).
Hamilton, along with other schools in the New York Six Consortium, is in the process of evaluating encryption software for likely implementation next year. This is part of our institutional effort to improve the security of information we collect from members of our community.