Dear faculty, staff: Please scan, then store or zfhs4rergjfg

Asdfiisuf siudc kj$#%$521j mcsngkuj ejdwih^d flcb.

Gibberish? You bet. And its sheer illegibility is exactly why the campus is making a major push into encryption this spring--to install one more layer of protection against identity theft. Thieves who try to steal lucrative personal data from UC Davis computers or files won't get far if encryption software has scrambled the data into claptrap.

The call for encryption is part of a campus drive for better safeguarding of personal data that also includes a new policy, encryption software subsidies for qualified users, and instructions to all faculty and staff on where to search for personal information on their computers.

The basic goal: to have faculty and staff scan their machines and files for personal information, delete or offload it if possible, and encrypt it if the records must be kept on the computer. So that if someone does try to steal personal data, all they get is osdydv;lgd0b0grrg/fv.

A preference for Pointsec

The Whole Disk Encryption Policy, expected to be adopted this quarter, will require faculty and staff to encrypt computer systems which store restricted information if other protections are limited, and to encrypt the information if necessary to keep it from being stolen or misused. The data include Social Security numbers, California driver ID numbers, financial and medical records, and other information which, if accessed, modified or deleted, could harm UC Davis.

To help, the campus has made Pointsec software available campus-wide. Pointsec scrambles information on a user's hard drive and prevents anyone without the right password from accessing the files.

Pointsec is one of two licensed encryption software programs on campus. The other one, Credant, is primarily used by the UC Davis Medical Center.

The campus prefers Pointsec, said IT Securit y Coordinator Bob Ono. "Unlike Credant, which encrypts a specific file or folder, Pointsec encrypts everything on the hard drive," Ono said. "We can't assume that everyone will consistently store data in one area."

Check your digital attics

Personal data can be found anywhere on a computer. Important places to check are email archives, letters of recommendation or resumes, class materials, and databases of job applicants. Personal data can also hide in old computer files, student rosters, grant applications, and personnel files that used Social Security numbers as IDs.

Computers inherited from retired faculty or staffers might contain data the current user doesn't even know about.

Staff and faculty can scan for certain types of personal information on their own, or ask their departmental technical support coordinators for Cornell Spider or Power Grep--two software programs available to staff and faculty.

Cornell Spider (available for free) and Power Grep (minimal cost) let users program searches for a specific type of data, such as Social Security numbers, by searching for data arranged in a pattern, i.e. xxx-xx-xxxx.

"With 30,000 computers currently used on campus, we expect to see at least 50 percent of staff and faculty perform these scans," Ono said. "Cost should not be a hurdle."

What to do if you find some

Once a user finds restricted personal data, the first option is to delete or move it. "If the information is not frequently used, we encourage faculty and staff to move the files to a portable media device, like a CD," Ono said. But people who need to keep restricted information on their computer can use Pointsec to protect it. IET will pay for the Pointsec for PC license.

The Whole Disk Encryption Policy embodies the university's ongoing effort to protect personal information and prevent security breaches. Victims of identity theft can spend thousands of dollars and hours of time recovering from losses.

Also, employees whose negligence allowed the theft can lose their jobs. As stated in a directive signed last October by campus leaders, "individuals who could have prevented security breaches but did not are held responsible?up to and including dismissal."

The stepped-up diligence sounds good to Matt Bishop, a professor in the Computer Science Department. "I believe protecting students? personal information is critical,? he said. "Whatever we can do to protect that information is good."