Laptop Encryption FAQ

Q. What is PGP Whole Disk Encryption?
A. PGP Whole Disk Encryption (WDE) is a software product that secures files stored on protected drives with transparent full disk encryption. If a protected system is lost or stolen while shut down or in hibernate mode, data stored on the protected drive is not readable without the proper credentials.

Q: Should I encrypt my laptop?
A: Yes, the School of Medicine recommends PGP Whole Disk Encryption for all laptops.  Security policy will require encryption of your laptop if you store any of the following: social security numbers, credit card numbers, bank account numbers, patient health information, or patient research information. You should also consider encrypting your laptop even if you don't think you are using any of these types of data.

Q: What is the cost to encrypt my laptop?
A: For any School of Medicine laptop, encryption is provided at no additional charge. We will also consider encrypting your personal (non-tagged) laptop for no additional charge if it meets our encryption criteria.

Q: What Operating Systems can currently be encrypted?
A: Windows XP, Windows 7, Windows Vista, Mac OS X 10.5.x or 10.6.x, Linux.  Note: PGP Whole Disk Encryption for Linux is command line only.

Q: How can I encrypt my laptop if I am not running Windows and I store sensitive data?
A: Please contact encryption@med.unc.edu for assistance.

Q: I have a desktop (not a laptop) that stores confidential data. Can I/Should I have it encrypted?
A: We are not currently encrypting desktop computers but we will consider it on a case by case basis. Please submit the laptop encryption request form and indicate that the computer is a desktop. We will contact you to discuss encryption possibilities.

Q: What type of encryption software does School of Medicine use?
A: School of Medicine uses software called PGP (Pretty Good Privacy). PGP is an industry standard encryption system that has been in use in academia for over 20 years.

Q: How long does it take to encrypt my hard drive?
A: It takes about 15 minutes to install the encryption software, and then between 4 and 10 hours to finish the encryption - during which time you can use your computer normally. After the initial encryption is complete, you never have to think about it again.

Q: Will my computer act differently after it has been encrypted?
A: Users continue to work as usual. However, when PGP is first installed, users will experience slow response while the entire disk is encrypted. After the initial encryption of the disk PGP WDE automatically encrypts and decrypts data on the fly, without impacting user productivity. On startup, the PGP Boot-Guard screen will appear, requiring appropriate authentication before allowing access to data on the system.

Q: Will my computer be slower once it's encrypted?
A: Sometimes there is a minute (5% or less) reduction in computer speed. In general, this is unnoticeable on all but very old (more than 4 years) laptops.

Q: Should I backup my computer before you encrypt it?
A: Yes! While we do not anticipate having any problems during the encryption process, things can go awry. Please backup any valuable data before we encrypt it. Let us know if you need help with the backup.

Q: I store confidential data on my USB thumb drive and external hard drive. Can I encrypt my USB thumb drive or external hard drive using PGP?
A: Yes, contact help@med.unc.edu for assistance if you wish to do this. The problem is that you will not be able to use the encrypted thumb drive or hard drive on a computer that doesn't have PGP installed on it. Because of this, School of Medicine does offer help choosing USB drives that come pre-encrypted and can be used with virtually any computer. Please email  help@med.unc.edufor more information.

Q: Can I install PGP myself?
A: No, because of licensing issues we are not allowing users to install the application themselves.

Q: What happens if I forget my password? Will I be locked out of my data forever?
A: While this is a risk with some types of encryption, you will not be able to lock yourself out from your data using the School of Medicine-managed PGP system. School of Medicine has setup PGP so that we can issue you a temporary password in the event that you have forgotten yours. If you forget your password, you will need to contact our Service Desk and prove your identity. Once your identity is proven, the Service Desk will issue you a temporary (usable only once) password and then help you change it to something only you know.

Q: I have a MAC running OS X Lion, can I use the built in encryption?
A: Yes, FileVault2 is an acceptable alternative for MAC OS.

Q: Does PGP Support Smart Phones?
A: No.  PGP cannot be installed on smart phones.  For more information on how to encrypt smartphones including iPhones, Android devices, and Blackberries please see Encrypting Cell Phones.

Q: What happens when I leave UNC?
A: We will assist you with decrypting the drive.  Please contact help@med.unc.edu for assistance.