Encryption

Data encryption is the process of converting information in data into a code or cipher so that it can only be read by someone who has the key to decrypting or deciphering it. Encryption can be applied to many digital objects, including text strings, files, folders, or entire storage devices. The format of the decryption key also varies – it can be a password, a randomly generated code, or a file.

Encryption

For research data containing personal information, encryption can be considered a form of pseudonymization. In this context, the encrypted data are pseudonymized and the encryption key is the additional information needed to identify individuals in the data. In research, encryption is often used to protect data at rest – that is, data stored but not actively in use. However, data can also be encrypted during transmission, file transfer, or even during processing (where computations are performed on encrypted data). 

Types of encryption

Encryption can be symmetric, meaning that the sender and the recipient use the same key (e.g., a password) to encrypt and decrypt the file. In this case, it is important to share the password securely – not via the same channel as the encrypted data.

Encryption can also be asymmetric, which means that it uses a public key for encryption (which cannot decrypt) and a private key for decryption. The sender encrypts the data using the recipient’s public key, and the recipient decrypts the data with their private key. The private key never needs to be shared.

Symmetric encryption is commonly used for data at rest, while asymmetric encryption is more frequently used for data in transit. 

Two short videos below provide further explanations of symmetric and asymmetric encryption.

Symmetric encryption

Asymmetric encryption

 

Another way to categorize encryption is based on the scope of what is encrypted.

Volume encryption (full disk or drive encryption)

Full disk encryption and volume encryption ensure that data on a flash drive or device are unreadable if anyone gains unauthorized access to the device. The main difference between them is that full disk encryption protects the entire hard drive, whereas volume encryption targets a partition, or volume, of the drive.

This is generally recommended for any device that stores research data – particularly when:

  • You want to protect data on your personal computer (by encrypting the entire device or specific drives or partitions);
  • You are collecting data using portable devices such as USB flash drives or audio recorders.
Container encryption (file or folder encryption)

Container encryption, file or folder encryption, is used when individual files or folders need to be protected. While file and folder encryption protect individual files or folders, container encryption involves creating a container (often a file) that acts as a virtual drive, which can hold multiple files using one encryption key.

Use this method when:

  • You cannot store diverse types of personal data in separate locations and need to restrict access to the encrypted information to a small group of authorized users;
  • You must store personal data on a non-encrypted device that is accessible to multiple people;
  • You need to send personal data to a collaborator, for example via a cloud service or a file transfer tool.