Choosing an Encryption Method
In this chapter we will provide guidelines on choosing the most suitable encryption method for your research needs.
Table of Contents
Lesson Objectives
- Choose the right encryption method for your project
Encryption for common research scenarios
As there are many tools to encrypt your data, and many ways to use those tools, choosing and implementing the best method for your project can be daunting. The following table provides an overview of common research scenarios and the encryption method we recommend for each. We discuss implementing these methods further in the following pages.
| Research Scenario | Recommended Encryption Method | Key Considerations |
|---|---|---|
| Encrypt a single sensitive file (e.g., a key linking anonymized participant IDs to personal information) | Manually encrypt the single file | Simple and fast; good for small, critical files; easy to forget if many files need protection |
| Store a folder of related project documents containing sensitive data | Manually encrypt the entire folder | Keeps all contents protected together; avoids missing files; must re-encrypt after changes if not using a live encrypted folder/container |
| Send a small set of sensitive files to a collaborator via email or cloud storage | Place files in a password-protected, encrypted zip folder | Convenient for transfer; password should be shared via a separate channel (not the same email); less secure for very large datasets |
| Ensure temporary working files (e.g., exports from software, cached data) are not left unprotected | Store them only in an encrypted folder/container | Avoids leaving “leakage” copies in plain text; may require changing software default save locations |
| Carry or backup sensitive data on a USB stick or external drive, including recording device storage (camera/mic SD card) | Encrypt the external disk with VeraCrypt (or built-in Mac/Windows tools) or use a pre-encrypted drive | Protects data if device is lost or stolen; may require installation of decryption tool on other computers to open; encryption should be part of regular backup routine; test restore process |
| Share an entire working dataset with collaborators while maintaining security | Create a VeraCrypt encrypted container (virtual disk) and share the container file | Container can be mounted like a normal drive; collaborators must also use VeraCrypt; requires coordination on passwords |
| Protect the device used to access participant data in case it is lost or stolen, especially laptops used for fieldwork or travel | Enable full-disk encryption (even of boot-disk) and require strong login credentials | Ensures all system files and user data are protected; cannot be bypassed without credentials; check if encryption is already on by default |
| Archive sensitive research data for long-term storage (e.g., after project completion) | Encrypt the folder or compress into an encrypted zip before archiving | Reduces storage footprint; make sure password/keys are preserved securely for future access |
Key Points / Summary
- If you’re working with a small number of key files, it is simplest to just encrypt those files
- If you’re working with a larger dataset, it can be simplest to encrypt a project folder or drive
- To protect a device that will regularly be working with sensitive data, check that full-disk encryption is enabled (it often is by default on newer devices)
- Make sure your backups and archives are also appropriately encrypted
- Always remember to follow encryption Best Practices no matter what method you use!