Encryption is a means of preventing anyone other than those who have a key from accessing data, be it in an email, on a computer or on a storage device. In all cases you need to consider the security of the encryption key(s) and it is recommend that you lodge these securely with a trusted third party (who, preferably doesn't have access to the files) so as to ensure their availability in the event of key loss.
The Information Commissioner has made it clear that personal data subject to the Data Protection Act must be encrypted whenever it is "transported" or "conveyed". This includes data stored on physical media (laptops, CD/DVDs, USB drives, etc.) as well as data transmitted electronically (email, FLUFF, etc.). Failure to do so is a breach of the 7th data protection principle and could result in action being taken against the University in the event of data loss. Encryption of data using UOB-approved software and/or devices is one method of protecting against breaching the above data protection principle and should further be used if transporting or conveying restricted UOB data.
For specific guidelines see:
Screenshot: flow chart showing when data should be encrypted.
For further information see: