Securing Hardware and Portable Devices

The handling of sensitive data requires not only secure storage and data transfer protocols but also that hardware be properly secured through device encryption.

The level and type of safeguards recommended for sensitive data is determined by the type of data collected for research purposes. The UC San Diego office of Research Affairs Information Technology provides guidance for research using sensitive data on the Guidelines for Handling Sensitive Data Blink page. Sensitive data can include protected health information (PHI) and personal identifiable information (PII). As there can sometimes be uncertainty in determining what information is considered sensitive data, the UC San Diego Human Research Protections Program provides a listing of elements considered to be person identifiable as outlined in their UCSD HRPP De-identified Health Information Factsheet.

Guidelines to consider when sensitive data is stored or collected on local and portable devices:

Full disk encryption (FDE) is required on all UC San Diego owned laptops and is recommended for personal laptops that are used to access UC San Diego information
Devices used for data collection should be protected by a strong password, or PIN.
Each user with access to the device should have a unique password/PIN.
Passwords and PINs used for device access should never be shared.
Devices should be kept with the owner/assigned user at all times.
When not in use, the device should be stored in a secured (locked) location with limited access.

Contact Information:

Health Sciences Information Services (IS): Service Desk team is available to provide expertise regarding established compliance protocol and device encryption
- 3help@ucsd.edu or 619-543-4357
Main campus departments: Contact Research IT Services for assistance with any of these compliance measures
- research-it@ucsd.edu
UC San Diego Institutional Review Board (IRB) (Human Research Protection Program (HRPP)): For questions about your specific research.