Use of Escrowed Encryption Keys: Procedures

  1. Any unit that encrypts data must obtain the permission of the associated data steward (for more information, see University Policy 4.12, Data Stewardship and Custodianship).
  2. Custodians or users of institutional administrative data who deploy software or algorithmic programs for encryption must establish procedures ensuring that the university has access to all such records and data.
  3. Each major operating unit deploying encryption is required to develop and to disseminate procedures consistent with this policy to enable key recovery in a secure manner. (The full policy's Appendix shows a sample unit policy.)
  4. Any custodian or user of institutional administrative data who deploys software or algorithmic programs to encrypt data is required to inform his or her supervisor prior to deployment and disclose, in a comprehensible form, the keys or other means to access the data.

Questions about what constitutes institutional administrative data may be directed to the steward for that data (for information on stewardship and custodianship, see University Policy 4.12, Data Stewardship and Custodianship).

  • Note: This policy does not require any particular technological protection of institutional administrative data.
  • Note: This policy does not establish a central repository for the management of keys or data.
  • Note: This policy does not mandate a single or specific method for the escrow of encryption keys.