The purpose of the Macalester College Whole Disk Encryption Policy is to protect regulated and confidential data that may reside on Faculty and Staff computers. See the data classification policy for more information. These devices are often portable or located in public spaces making them susceptible to accidental loss or theft. Whole disk encryption protects data residing on storage mediums when the computer is powered off.


This policy governs appropriate use of encryption on Macalester provided or managed computers for Faculty and Staff.


  • Computers will be configured with whole disk encryption using the operating system integrated method (BitLocker, FileVault)
  • Whole disk encryption keys will be centrally managed by ITS.
  • Encryption status will be recorded and periodically updated.
  • Users will not disable whole disk encryption for any reason.
  • A password is required to login, unlock, or return to active state from sleep, hibernation, screen saver and all similar states in order to protect data when the computer is on.


Any user found to have violated this policy will be subject to revocation of certain privileges or services, including but not limited to loss of computer access.

November 2019