Data encryption

Encryption is a mathematical method of ensuring confidentiality by preventing information from being read by unauthorised parties.

Information is "locked up" using a key, and cannot be read until it has been unlocked using the correct key. The key used to unlock the information does not have to be the same as the one used to lock it in the first place.

Symmetric encryption

Symmetric encryption means that the same key is used to lock up and unlock the data. The sender and the recipient must exchange the key between them in a safe manner.

Asymmetric encryption

Asymmetric encryption is often also called public key encryption. Here a pair of keys is used, one private and one public, which are mathematically related to each other. The public key can be made available to anyone, but the private key is known only to its owner. Even though there is a mathematical connection between the two keys, one cannot be derived from the other. The public key can be freely distributed. The validity and authenticity of the public key must, however, be verified and managed.

These two methods have differing requirements with regard to the length of the key.

What standards do we set for encryption?

The Norwegian Data Protection Authority has no legal competence with regard to encryption, and we can offer no guidance about how data should be encrypted. We refer to the guidelines issued by the National Security Authority (NSM), NSM Cryptographic Requirements 3.0 (pdf), and to the recommendations they give in their security blog.

What adequately safeguards confidentiality?

This is a question we are often asked. The most important factor is to employ extensively used and well-reputed algorithms and methods, as well as a sufficiently long key.

Three elements determine whether something is encrypted securely enough:

1. Functions – cryptographic mechanisms

  • For symmetric confidentiality protection, the recommendation is for AES with a 128 or 256-bit key.
  • As a Secure Hash Algorithm, the recommendation is for SHA-2 with at least 256-bit strength.
  • For the RSA algorithm, the recommendation is for a 3072-bit key.

2. Confidence in the encryption module

Cryptographic modules which generate, protect and use private keys or session keys should be evaluated against Common Criteria, FIPS 140-2 or similar standards.

3. Key management

  • Keys can be created in software (for personal use) for data communication (data in transit).
  • Keys must be created and used in hardware for long-term storage (data at rest).
  • The lifespan of keys depends on the protection afforded to them.
  • Long-term keys must be asymmetric, and digital certificates and PKI must be used for key management.
  • Keys must be deleted properly after use.

If one of these elements is lacking or weak, the security system is not good enough. An updated overview of methods and key lengths can be found in the guide NSM Cryptographic Requirements 3.1 (pdf).

Who decides if security is good enough?

The undertaking (personal data controller) itself must carry out a risk assessment of the information in need of protection. A payslip is an example of a document which may contain sensitive personal data, and which must therefore be kept confidential.

A risk assessment must be made of the encryption passwords used and how these are managed. Passwords for decrypting a payslip should, for example, not be the date of birth of the recipient or any other easily identifiable characteristic.
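The payslip case above, worked through as an added example (not code from the Data Protection Authority): it checks a proposed decryption password against what is known about the recipient and compares the size of a date-of-birth search space with that of a random password. The recipient record, its field names and the five date renderings are constructed assumptions.

```python
import math
import secrets
import string
from datetime import date

def dob_forms(dob):
    """Digit-only renderings of a date of birth (separators are stripped before matching)."""
    d, m = f"{dob.day:02d}", f"{dob.month:02d}"
    y, yy = f"{dob.year:04d}", f"{dob.year % 100:02d}"
    return {d + m + y, d + m + yy, y + m + d, yy + m + d, m + d + y}

def weak_reasons(password, recipient):
    """Return why `password` is guessable from what is known about the recipient."""
    flat = "".join(c for c in password.lower() if c.isalnum())
    reasons = []
    if any(form in flat for form in dob_forms(recipient["dob"])):
        reasons.append("contains date of birth")
    for field in ("given_name", "family_name", "employee_no"):
        if recipient[field].lower() in flat:
            reasons.append(f"contains {field}")
    return reasons

def dob_keyspace_bits(years=100):
    """Upper bound, in bits, on the strength of a password that is only a date of birth."""
    return math.log2(366 * years * 5)  # every day in `years` years, 5 renderings

def random_password(recipient, length=20):
    """Password from the OS CSPRNG, returned with its strength in bits."""
    alphabet = string.ascii_letters + string.digits
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weak_reasons(pw, recipient):  # reject the rare accidental match
            return pw, length * math.log2(len(alphabet))

# Constructed recipient record, for illustration only.
RECIPIENT = {"given_name": "Kari", "family_name": "Nordmann",
             "dob": date(1985, 3, 15), "employee_no": "40712"}

if __name__ == "__main__":
    for candidate in ("15.03.1985", "Kari-850315"):
        print(candidate, "->", weak_reasons(candidate, RECIPIENT))
    print(f"date-of-birth password: at most {dob_keyspace_bits():.1f} bits")
    pw, bits = random_password(RECIPIENT)
    print(f"random password: {bits:.0f} bits")
```

A file protected with AES 256 is only as strong as the password its key is derived from, so the date-of-birth figure is the effective strength of the whole scheme.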

The Norwegian Data Protection Authority can order the safeguarding of personal data and determine the criteria for acceptable risk associated with the processing of personal information.

What must be encrypted?

We believe confidentiality is necessary when the information being transferred comprises:

  1. Sensitive personal data
  2. National Identity Numbers
  3. Personal data relating to many people
  4. Personal data that the controller has classified as worthy of protection

When and how must information be encrypted?

When data communication is used (data in transit)

This applies to personal data which are to be transferred between two or more locations by means of digital communication. The transfer may be:

  • between the entity's (data controller's) own locations,
  • between the entity and a service provider (data processor or security system provider),
  • between service providers and their subcontractors, or
  • between service providers' data centres.

Transfer of emails and websites

HTTPS is the most common format. The highest version of TLS (Transport Layer Security) should be used, while SSL 3.0 (and lower) should be avoided, since they contain known weaknesses. TLS 1.0 is an improvement on SSL 3.0. TLS 1.2 also has its problems, but this depends on the algorithm and the client. TLS 1.3 exists in draft form, and will soon be released.
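One way to apply this on the client side, as an added example that is not part of the original guidance: a Python `ssl` context that negotiates the highest version the library supports and refuses older ones, with a small audit of what a context would still accept. The TLS 1.2 floor and the function names are assumptions of the example; the page itself only rules out SSL 3.0 and lower.

```python
import ssl

# Protocol versions the page mentions, oldest first, paired with whether the
# local OpenSSL build supports them at all.
VERSIONS = [
    (ssl.TLSVersion.SSLv3, ssl.HAS_SSLv3),
    (ssl.TLSVersion.TLSv1, ssl.HAS_TLSv1),
    (ssl.TLSVersion.TLSv1_1, ssl.HAS_TLSv1_1),
    (ssl.TLSVersion.TLSv1_2, ssl.HAS_TLSv1_2),
    (ssl.TLSVersion.TLSv1_3, ssl.HAS_TLSv1_3),
]
LEGACY = {"SSLv3", "TLSv1", "TLSv1_1"}  # assumption: anything below TLS 1.2

def hardened_client_context(floor=ssl.TLSVersion.TLSv1_2):
    """Client context that verifies certificates and refuses versions below `floor`."""
    ctx = ssl.create_default_context()  # certificate and hostname checks enabled
    ctx.minimum_version = floor
    ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED  # take the highest offered
    return ctx

def permitted_versions(ctx):
    """Names of the versions the context's min/max bounds allow.

    Versions disabled only through OP_NO_* option flags are not considered.
    """
    lo, hi = ctx.minimum_version, ctx.maximum_version
    if hi == ssl.TLSVersion.MAXIMUM_SUPPORTED:  # sentinel, not a real version
        hi = VERSIONS[-1][0]
    return [v.name for v, built_in in VERSIONS if built_in and lo <= v <= hi]

def legacy_findings(ctx):
    """Versions the context still permits that fall below the assumed floor."""
    return [name for name in permitted_versions(ctx) if name in LEGACY]

if __name__ == "__main__":
    ctx = hardened_client_context()
    print("permitted:", permitted_versions(ctx))
    print("legacy still allowed:", legacy_findings(ctx))
```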

Encryption of individual files

If, in connection with the transfer of individual files, it is not possible to encrypt the email or to be certain that the email transfer is encrypted, encryption mechanisms built into software systems may be used as an alternative. Examples include 7zip, PDF or more recent versions of MS Office. These support AES 256.

The encryption key must be secured and sent separately to the recipient. One option is to transmit the key as a text message or orally over the telephone. However, the risk that such an approach entails must be assessed, and we recommend it only be employed in individual cases when it is not possible to encrypt the actual communication. The problem is that it may not be possible to adequately control the destination points or protect against hacking.

Hard disk encryption

Hard disk encryption primarily protects the confidentiality of data when the computer is turned off. Data is thereby secured if the computer is lost or stolen. Hard disk encryption has become a standard function in modern operating systems. Examples include FileVault for macOS, BitLocker for Windows and hardware-based hard disk encryption from Intel.
