Identity Finder

Overview

Data breaches are often big news and can be very costly. Identity Finder is designed to find personally identifiable information (referred to as "Level 1 Protected Data"- descriptions of the data classification levels can be found here) stored on your campus computer and to provide you with a way to securely remove this data. "Protected data" is data that must be protected from unauthorized access.

Keeping protected data on your computer can put you, the campus, and particularly our students at high risk for identity theft. 

Video Introduction to Identity Finder

What is Identity Finder?

Identity Finder is a program that locates Protected Level 1 data in files such as Word, Excel, PDF, or email messages. In addition to locating Protected Level 1 data, Identity Finder can perform actions on locations that contain Protected Level 1 data. Such actions include the ability to delete (Shred), redact (Quarantine), and archive your results in order to protect yourself (or others) from identity theft.

What does Identity Finder search?

This tool will find and assist you with protecting  Level 1 Protected Data (PII), or other data elements that can be used for identity theft. This data would allow someone to steal your identity by obtaining them individually, or by using them in combination with each other. Such data includes:

  • Social Security Numbers
  • Credit Card Numbers
  • Passwords
  • Bank Account Numbers
  • Driver License Numbers
  • Dates of Birth

The types of files that Identity Finder searches for are Microsoft (Word, Excel, Access, PowerPoint, etc.) Adobe (PDF), text files, web files and other common file types. Identity Finder also searches through compressed files, Exchange mailboxes (including attachments), Outlook profiles, and .pst files.

Such data can come from a broad range of activities and records including the following:

  • Old Class Rosters
  • Old Student Time Sheets
  • Demographics data and records requested by federal agencies or professional organizations
  • Human Resource Records
  • Student Reporting

The Information Security Office recommends destroying any confidential information which is no longer needed, or moving such data to a secure folder location on the Campus’ Bay file server.

Where does Identity Finder search?

Identity Finder will search through specific folders in your computer's hard drive for Protected Level 1 data. These include, but are not limited to:

  • Local user folders (Documents, Desktop, Downloads, Music, etc.)
  • Web Browsers (saved passwords, browser cache, Favorites/Bookmarks, etc.)
  • Outlook Email and attachments
  • Windows Registry

Identity Finder will not search folders reserved by the Operating System, such as C:\Program Files or C:\Windows, as these are typically write-protected and require admin privileges to access.

CSU, Chico and its employees are responsible for PII data for individuals that is collected and stored. If you have a question about the data you are storing, and whether you should be storing it, please ask your manager.

For future reference, our Quick Scanning Guide can assist you in launching, searching, shredding, ignoring, and saving results.

A few items to be aware of:

  • We recommend you schedule your first scan to run overnight, as it can be a long process.
  • Don't forget to lock your computer screen by pressing the Windows key and L (PCs), Ctrl-Shift-Power (Mac laptops), or Ctrl-Shift-Eject (Mac desktops).
  • All files stored on your computer and user folder on Bay will be scanned. However, encrypted files will be ignored.
  • If you use Google Drive (or similar cloud storage), your email is copied locally to your computer and therefore will be scanned; this will not happen if you use Gmail (or any other email service) only in the web interface. 

CFA & CSUEU Review

CSU labor relations and system-wide Information Security reviewed the Identity Finder deployment, and has recognized the importance and the value of this implementation to our security process.

“The parties to this agreement, (CSU) and CFA, agree that data breaches are detrimental to all and agree that CSU may proceed with its implementation of … Identity Finder, subject to documented conditions.”

CSUEU Approval: 3/3/14
CFA Approval: 7/21/14

CFA - “The parties acknowledge the importance of working together to ensure the security of data used and stored on CSU system.”

CSUEU - “The parties acknowledge that CSU is required by law and CSU policy to monitor and protect the security of data used and stored on its systems and acknowledge the importance of working together to ensure the security of the data.”

Policy

Policy 8065.0 - Information Asset Management from the Information Security Policy section of the Integrated CSU Administrative Manual

Was this helpful?
0 reviews

Details

Article ID: 11689
Created
Mon 3/14/16 12:43 PM
Modified
Mon 7/6/20 11:39 AM