At this time, removable storage devices (e.g., USB hard drives, USB flash memory) are exempt from encryption requirements. Nonetheless, if a device is being used to store (e.g., to back up) High Risk Data, every effort should be made to encrypt it, and to keep it physically secure.
Copyright Stanford University. Stanford, California 94305.