Identity Finder Frequently Asked Questions

What is Identity Finder?

• Identity Finder is a program that searches your computer for Level 1 Protected Data (PII) such as social security numbers and credit card numbers.

Why is Chico State using Identity Finder?

• Data breaches are big news and are very costly.  Most breaches of PII occur on computers where no one expects that data to be located.  CSU, Chico is providing the Identity Finder tool to help individuals and departments proactively locate this data so it can be removed or secured.

Who was involved with the review of implementing Identity Finder?

• CSU labor relations and system-wide Information Security reviewed the Identity Finder deployment and have recognized the importance and value of this implementation to our security process.
• “The parties to this agreement, (CSU) and CFA, agree that data breaches are detrimental to all and agree that CSU may proceed with its implementation of … Identity Finder, subject to documented conditions.”
• CSUEU Approval: 3/3/14
• CFA Approval: 7/21/14

Who will have access to the results?

• Self-scan results can be seen by you, and only the masked data (last four (4) digits) is sent to a secure server and may be reviewed by the Information Security Office.  Only designated department IT administrators will be able to see the file location and type of hit in order to assist users with removing or securing the data.  The entire contents of the file are never revealed and cannot be seen by anyone but you.

What is Level 1 and Level 2 data?

• "Protected Information" is an umbrella term for information that is linked to an individual person's identity, such as Social Security numbers, drivers' license data, and credit card or bank account information (sometimes called Personally-Identifiable Information, or PII) and which can be used to facilitate identity theft. Protected Information is categorized into three levels, with Level 1 being the most prone to identity theft.
• For more detail on the levels of protected data, please visit http://www.csuchico.edu/isec/data_protection.shtml

What do I do with PII?

If you find protected data on your system you can do one of the following:
• Remove PII Data - Shred, Scrub, Quarantine
• Ignore Search Results
• Save Results

Where does Identity Finder search?

• Local Computer (C:\ Drive), including Outlook Personal Folder (.PST) files
• Locally Installed Cloud Storage, i.e. Google Drive, Dropbox, OneDrive, Box Sync
• Business Documents on Bay (U:\ Drive)
• Outlook Exchange Mailbox (including attachments)

What is excluded?

• Non-Bay user folders
• Network mapped folders other than Bay Users
• False Positives – EMPLIDs appearing as unformatted SSNs
  • “Wildcat ID” + 00123456 – Ignored
  • “EMPLID” + 00234567 – Ignored
• Directories reserved by the Operating System (non-user areas)
  • C:\Program Files
  • C:\Program Files (x86)
  • C:\Windows

What should I do with the results?

• Depending on the circumstances, you will have the option to either Shred, Ignore, Scrub, or Quarantine the data.

Can I keep “Personal” (my own) Level 1 data saved on my computer?

• This is discouraged as the campus may have to take steps to protect the computer and notify in the event of a breach. 
• We encourage you to move important files to a user folder on Bay, if files must be kept. Otherwise, you can select Ignore for such results to prevent the findings from showing up in subsequent scans.

If I have a legitimate reason for keeping it, what does this mean to me?

• The main purpose of conducting these scans is to search for and destroy other people’s PII.  The campus is required to keep a list of systems storing PII, and there are many rules that must be followed on those systems, including high-risk configurations.

When should I initiate a search?

• Identity Finder works much like an anti-virus program such as Norton or McAfee.  The first scan can cause some minor system performance slowdown (depending on the system resources and the quantity of files stored on the computer).
• It’s best to start Identity Finder before a break or at the end of the day (make sure to lock your screen).

What happens when I mark results as false positives?

• False positives can be marked by selecting Ignore for such findings in the results wizard.  As long as you save the results when exiting Identity Finder, marked false positives will be ignored the next time Identity Finder is run.

I am using a computer that is shared by others; what about other people's profiles?

• In the event that your computer contains multiple user accounts, either because it is a multi-user computer or because it previously belonged to another employee, Identity Finder will still be able to conduct the scan.  However, whether you are an administrative user determines whether you will be able to review the results.
• Multi-user computers: If your computer is a shared computer, this will apply.  Administrative users will be able to access all results of scans performed by Identity Finder on the machine (you will see results located on accounts other than yours).  This is a result of already having access to such information due to being an administrator.
• Single-use computer with abandoned profiles that the scanner cannot see:  Non-administrative users will not be able to access results other than their own on the computer being used.  If you are scanning your computer and you happen to come across results that are not yours, please contact IT Support Services to have your computer re-imaged.  NOTE: This should be uncommon.
• Single-use computer with abandoned profiles that the scanner can see:  If you are an administrator, then Identity Finder will scan the entire computer, allowing you to dispose of PII from all present accounts (due to already having access as an administrator).  If this occurs, please contact IT Support Services to have your computer re-imaged.

Are labs and servers included in the scope of the scan?

• No, scans are limited to individual workstations.

What if my U:\ drive is mapped to some network share other than the user folder located in Bay? 

• Standard mapping is to use U:\ for your designated user folder on Bay.  Having it mapped to another location will result in Identity Finder scanning locations outside of the standard scope of operation.

Details

Article ID: 11679
Created: Mon 3/14/16 10:18 AM
Modified: Mon 7/6/20 11:39 AM