Download
1 / 10
100 likes | 242 Views
What is the big idea behind the 12/3 Identity Finder scan?. The system-wide scan on 12/3 is intended to permanently remove all PII and anything looking like PII from all CCSU local hard drives . If data is removed during this scan, it cannot be recovered.
E N D
What is the big idea behind the 12/3 Identity Finder scan? • The system-wide scan on 12/3 is intended to permanently remove all PII and anything looking like PII from all CCSU local hard drives. • If data is removed during this scan, it cannot be recovered. • PII is personally identifiable information. • Other locations, like email accounts and network shares (M and S drives) are not part of the 12/3 scan. • Longer term, we will need to deal with PII in these locations as well.
What is considered to be PII? • For the purposes of the 12/3 scan, PII includes: • Social Security Numbers. • Credit Card Numbers. • Bank Account Numbers. • Driver’s License Numbers. • The CCSU default set-up for Identity Finder looks for any pattern of numbers that looks like one of these.
Why should I scan my computer ahead of the 12/3 scan? • You get to determine what happens to your data. • The baseline scan(s) you run will do two nice things: • Identify PII on your machine, so that you can properly secure it. • Identify information on your machine that looks like PII but isn’t (false positives). You can remove it or tell the next scan to ignore it. • False positives can be invoice numbers, SKU codes, or other patterns of numbers.
Which computers are affected? • All CCSU-owned Windows and Mac machines in faculty and staff offices, both desktops and laptops. • All shared computers in offices. • Will need to be scanned by all individual users. • Teaching station computers in smart classrooms and computers in labs are not affected. • These do not allow users to save anything permanently to the hard drive.
Aren’t I allowed to have PII for research and records retention reasons? • Yes, and you may well be required to retain these records for a period of time. • But you do need to secure this information. • Your computer’s hard drive is not a good place. • A secure network share is the best place to store it. • Information Technology has a form for you to request a secure share.
What must I do before 12/3? • Scan every CCSU-owned computer you use, or that you suspect may have PII on it. • Shared computers will need to be scanned by each individual user. • Do the default scan that covers the computer hard drive and your CCSU email, as a baseline. • Identity Finder guides for both Windows and Mac computers are available on the IT Department Identity Finder webpage.
What if I find PII or false positives on my computer? • If you get a hit on your CCSU email account: • You must either choose the Shred option (to permanently remove it) or delete the email yourself. • The program will not offer you any other options. • Alternatively, you can place the emails in a separate folder, and archive the folder to your hard drive or network share. • The program will then allow you to choose from the other options.
What if I find PII or false positives on my computer? • If you get a hit on your hard drive: • Shred: Permanently remove. • Scrub: Redact the PII, but retain the other data. • Ignore: Mark the item so that future scans will ignore it. This is fine for false positives, but not for PII. • Manually move information to a secure share. • Quarantine option is not available to us at this point.
I’m confused and I don’t know what to do next. Help! • Information Technology will be glad to help. • Call the Help Desk. • Consult the IT Identity Finder webpage.
