Guidance

Data encryption and passphrase guidance

Updated 15 September 2021

Applies to England, Northern Ireland and Wales

If you’re in any doubt, seek advice from the service desk before emailing any learner data.

1. Who this guidance is for

This guidance is for any user of the learning records service (LRS).

It sets out your data protection responsibilities and how to encrypt and password protect learner data when contacting the service desk.

2. Your data protection responsibilities

You must encrypt and password protect all learner data that you send by email to the LRS service desk. Learner data includes:

• unique learner number (ULN)
• given name
• family name
• date of birth
• gender
• postcode

Protecting learner data is your responsibility under both the LRS user agreement and data protection legislation.

3. Encrypting and password protecting learner data

You can encrypt and password protect learner data using software such as Egress Switch or WinZip.

Encryption masks the personal data and password protection ensures that only authorised users can access it.

When using encryption software you should:

• encrypt the files to AES 256 bit encryption standards
• create a password with a minimum of 15 alpha-numerical character including symbols, for example L3arN!ngr3C0rds
• communicate the password to the LRS service desk using an alternative communication method such as telephone

You can check the user guide for your encryption software if you need more help.

4. Security breaches

You’re in breach of data protection legislation if you:

• share your account details or allow someone else to use your account
• send more than one type of learner data in an unencrypted email, for example sending a learner’s ULN and first name
• send a password for an encrypted file by email

5. If you still need help

You can contact the service desk.