Encryption

Encryption is the process of converting information in data into a code or cipher so that it can only be read by someone who has the key to decrypt or decipher it. Encryption can be applied to many digital objects, including text strings, files, folders, or entire storage devices. The format of the decryption key also varies – it can be a password, a randomly generated code, or a file.

Encryption

For research data containing personal information, encryption can be considered a form of pseudonymisation. In this context, the encrypted data are pseudonymised and the encryption key constitutes the additional information needed to identify individuals in the data. In research, encryption is often used to protect data at rest – that is, data stored but not actively in use or in transfer. However, data can also be encrypted during transmission, file transfer, or even during processing (where computations are performed on encrypted data). 

Types of encryption

Encryption can be symmetric, meaning that the sender and the recipient use the same key (e.g., a password) to encrypt and decrypt the file. In this case, it is important to share the password securely – not via the same channel as the encrypted data.

Encryption can also be asymmetric, which means that it uses a public key for encryption (which cannot decrypt) and a private key for decryption. The sender encrypts the data using the recipient’s public key, and the recipient decrypts the data with their private key. The private key never needs to be shared.

Symmetric encryption is commonly used for data at rest, while asymmetric encryption is more frequently used for data in transit. 

Two short videos below provide further explanations of symmetric and asymmetric encryption.

Symmetric encryption

Asymmetric encryption

 

Another way to categorise encryption is based on the scope of what is encrypted.

Full disk encryption and volume encryption

Full disk encryption and volume encryption ensure that data on a flash drive or device are unreadable if anyone gains unauthorised access to the device. The main difference between them is that full disk encryption protects the entire hard drive, whereas volume encryption targets a partition, or volume, of the drive.

This is generally recommended for any device that stores research data – particularly when:

  • You want to protect data on your personal computer (by encrypting the entire device or specific drives or partitions);
  • You are collecting data using portable devices such as USB flash drives or audio recorders.
File or folder encryption and container encryption

File or folder encryption and container encryption, is used when individual files or folders need to be protected. File and folder encryption protects individual files or folders; container encryption involves creating a container (often a file) that acts as a virtual drive, which can hold multiple files using one encryption key.

Use this method when:

  • You cannot store different types of personal data in separate locations and need to restrict access to the encrypted information to a small group of authorised users;
  • You have to store personal data on a non-encrypted device that is accessible to multiple people;
  • You need to send personal data to a collaborator, for example via a cloud service or a file transfer tool.