Virtru Email & File Encryption Service

Virtru is an email and file encryption service for UCSC Gmail and Google Drive that will help keep the university's most sensitive communications extra secure and private by preventing unauthorized access. 

Availability

The UCSC Virtru service is a 2-year pilot (2022 - 2024) available to all faculty, staff, and students at no charge to gauge interest and to learn how Virtru works in practice at UCSC. If you would like to share your experience using Virtru, please email help@ucsc.edu


How it works

  • Virtru for Gmail is integrated into the UCSC Google Mail inbox. It’s a simple Chrome web browser extension that once installed, you can easily turn on and off to encrypt emails and attachments, preventing access by Google and unauthorized parties. Learn how to use Virtru for Gmail

  • Virtru for Drive is integrated into the UCSC Google Drive service. It’s a simple Chrome web browser extension that once installed, you can easily encrypt existing Drive files or new ones, preventing access by Google and unauthorized parties. Learn how to use Virtru for Drive

Why use Virtru

  • Restrict, expire, and audit data access to mitigate breach risks
  • Protect student and employee information even if the network is infiltrated.
  • Enforce easy HIPAA, FERPA, and CJIS protection for all of your users
  • Maintain compliance with regulations like CMMC
  • Protect against unwanted government surveillance and cloud provider access

When to use Virtru

You only need to encrypt emails/files when you want to control access or that contain sensitive information. Not every email/file needs to be encrypted. 

For more about sensitive data you encrypt with Virtru, see UC Protection Levels for Institutional Information and review P3 and P4 protection levels.

Here are some examples of information you use with Virtru encryption:

  • Protected Health Information (ePHI)
  • Personally identifiable information (PII) such as name, birth date, and address
  • An Excel spreadsheet or Google Document with names and unique names addresses, and student IDs
  • Grades and other student education records
  • Personnel information 
  • Intellectual property

What NOT to encrypt using Virtru:

  • Controlled Unclassified Information (CUI)
  • Credit Card or Payment Card Industry (PCI) Information
  • Federal Information Security Management Act (FISMA) Data
  • Student Loan Application Information (regulated by GLBA)
  • Email processed by tools such as ServiceNow, Perceptive Content. (Examples of such emails are help@ucsc.edu and Staff HR emails. )    

Who should use Virtru

Students, faculty, staff, University Health Services, campus police, alumni donors, research centers, Registrars, disciplinary committees, advisors and department managers, Staff HR and Legal Counsel are only a few examples of our community who can use Virtru to share data securely and keep sensitive communications private and compliant.


Encrypted Record Guidelines

Electronic messages sent or received in the course of conducting UC business are administrative records subject to university records policies, guidelines, and retention schedules. Encrypted Record Guidelines