Encryption

Rationale


Confidential information and data protected by privacy laws and rights need to be protected whether in transit or at rest.  Even with multiple layers of security, such as authentication and firewalls, the data may still be at risk.  To help protect sensitive data in transit or at rest, use encryption and proper key management.  There are various types of encryption, and the type to use depends on how the data are delivered or stored.  When transmitting sensitive data, encryption techniques should be used to control access to the information, protect the integrity of transactions, and protect the information assets.  If private keys are compromised, lost, or shared, unauthorized access can occur, or critical information may become unavailable to authorized personnel.

Encryption techniques include using secure HTTP (HTTPS) to transmit sensitive data over the web.  However, this does not protect the data after it has been transmitted.  To protect the data at rest as well as in transit, institutions should require confidential information to be handled using appropriate secure methods: