Encryption Exemption Process

University policy requires that all University Data stored on any University-owned desktop or laptop computer not intended for public access or computer laboratory/classroom use be encrypted using a University-approved method, approved for exemption from the encryption process, or taken out of service. This document describes the encryption exemption process.

Eligibility for Exemption

While the University’s goal is to protect its data through the use of encryption, there may be some instances where encrypting a computer is not possible. Typical reasons for needing an exemption include a computer that does not support encryption (such as an older computer or a computer with an alternative operating system), a computer whose performance is significantly impacted by the encryption software, or a computer that is used only for research, where encrypting it may negatively impact how research is carried out. Computers which store any data listed in the ‘Sensitive University Information Checklist’ document are not eligible for exemption from the encryption requirement. Before an exemption is requested, the computer must be scanned for personally identifiable information (PII), such as Social Security numbers and credit card numbers, so that any such data stored on the computer is removed before an exemption is granted. Computers may be scanned for PII using the Spider utility, located at the following web address: http://tss.uconn.edu/spider.html.

Workflow Process

The University has instituted an electronic workflow application to help expedite the routing and approval of exemption requests. If an exemption is required, the computer owner/primary user should log on to the workflow application, located at http://exemption.uconn.edu, with their UConn NetID and password, fill out a request, and submit the request to the appropriate academic department head, the director of the appropriate center or institute, or the head of the administrative unit for approval. Instructions for using the form are located at http://encryption.uconn.edu/exemption/instructions.php. While approval of an exemption request may be completed immediately depending on the approver, a computer should not be considered exempt until a confirmation email is received stating the request was approved. If a request is denied, the requestor must encrypt the computer or take it out of service.

Request Routing

The online application uses the Master University Department (MUD) table to determine a default approver. In some instances, requesting approval from one’s primary academic department head, director or administrative unit head based on employment affiliation may not be appropriate (due to delegation of responsibility, dual employment circumstances, etc.). In these cases, the end user should override the default value and route the request to the appropriate academic department head, director, administrative unit head or an approved delegate.

Reporting and Notification

The intent of the encryption initiative is to protect the University’s data; therefore, all approved exemptions will be reported to the University’s executive administration (President, Provost, Chief Operating Officer, or Chief Financial Officer). This will allow the University’s administration to be aware of the numbers, types, and locations of computers which are not protected with encryption software.

Updated: 05.04.2009:ldg