Protecting data at rest, in transit, and on devices.
Encryption turns a lost laptop or stolen database into a non-event for notification and liability.
What strong practice looks like
Encryption at rest, in transit, and on devices / portable media.
What this area covers
Is sensitive data encrypted at rest?
Encryption scrambles data so that only someone with the right key can read it. It’s commonly applied in two places:
- In transit — protected while it’s moving (for example, between your browser and a website).
- At rest — protected while it’s stored and sitting still — on a hard drive, laptop, server, or database.
“Data at rest” simply means the stored copies. Carriers ask because if a laptop is stolen or a server is breached, encrypted data-at-rest is unreadable to the thief — it turns a serious data loss into a non-event.
CISA — Encrypt Business Data ↗ — what good looks like
Also covered in this area
- Is data encrypted in transit?
- Are laptops / portable media encrypted?
This library is general education, not advice about your specific organization. It describes what each control is and what strong practice looks like; whether and how any of it applies to you is your decision, in consultation with your carrier, broker, or counsel.