Using Identity Finder, how do I scan my computer for protected data?

About using Identity Finder

UITS encourages installing Identity Finder on any IU-owned computer. Since IU has a central service that can provide further protection, consult your IT Pro or computer administrator if available.

  • As faculty or staff, you can use Identity Finder to scan your own data and other files stored on devices you use for university work and on university-owned systems. UITS recommends running scans regularly, and especially if/when you think you may have collected new sensitive information.
  • Using the UITS Global Identity Finder solution, IT Pros can also search data and other files stored in individual computer accounts on university-owned systems. These are scanned monthly to facilitate reporting. Departments and schools can also add scans and policy for groups regularly working with institutional data.

    IU's Privacy of Electronic Information and Information Technology Resources Policy (IT-07) requires that administrators not view others' information without explicit authorization. Thus, administrators must not open the files Identity Finder locates; instead, send the names of the resulting file locations to the owner of the account or system where the files are stored, directing the owner to review the files and take appropriate action.

For assistance with Identity Finder, see its comprehensive help system. Also, visit Identity Finder Global Support, or contact your campus Support Center.

Important:
When you first launch Identity Finder, you will be prompted to set a profile password. You'll need it to access your saved searches in the future, including results you mark as false positives. Be sure to use a password other than your IU passphrase. Version 9.0 lets you recover a profile password if it is lost.

Running a scan

Before you begin:
  • If Identity Finder isn't already on your computer, see At IU, how do I download and install Identity Finder?
  • Scanning any system for the first time can take several hours. You can continue to work while Identity Finder searches your computer, but it may affect performance. Instead, you may wish to begin the scan at the end of the day and allow it to run overnight. Lock your screen while the scan is running, and change your Energy Saver settings so your computer will not go to sleep.
  • Before scanning someone else's computer or personal file location, be sure to:

    • Have written permission from the individual to whom the account or device has been assigned or attributed, or
    • Provide written notification to the individual(s) describing who will use the tool, how, and for what purpose, as well as anticipated use of the resulting information.

  1. Connect any external storage media or mount file server shares that you want to search in addition to your computer's hard drive, and disconnect from any file server shares that you don't want Identity Finder to search.
  2. Launch Identity Finder, and use the Search Wizard as a quick way to begin. Click Start Search Now to start a search with the default settings.

For more about searching, including customizing your search, see:

Notes:
  • When configuring a customized search, you will see that several options are selected but grayed out; this is intentional, and reflects that the Identity Finder client receives policy from UITS.
  • While your scan is running, its current progress will display.

Review your scan results

When the scan is finished, a Search Summary screen will appear with results. Identity Finder will create a report that displays every file containing potential PII (Personally Identifiable Information), PHI (Personal Health Information), or PCI (Payment Card Industry) data.

In the "Search Summary" screen, click Advanced. A new window will open listing all items the scan found. When you select an item, a "Properties" pane will provide information about that file. The most important items in this area are the file path and type of file. Alternatively, you can use the Wizard, which will take you through your results and help you choose the best actions.

If you wish, you can use the "Preview" pane to simply preview results.

When reviewing results, look for:

  • Social Security numbers
  • Credit card numbers
  • Bank account numbers
  • Payment card information (e.g., account numbers, electronic statements)
  • Passwords and PINs
  • Passport numbers

Note:
Identity Finder will not find data considered sensitive only in some contexts (e.g., a date may or may not be a birth date).

For a complete list, see Sensitive data Discovery.

Take action on results

If the scan returned no results, that does not guarantee that your computer contains no protected data; it means only that the patterns Identity Finder uses to search your computer did not match anything. You still have a responsibility to safeguard any protected data you may handle or create during the course of your job duties.

You can take the following actions with each result in Identity Finder:

  • Shred: Shredding a file removes it completely from your computer. This cannot be undone, so shred carefully! Shredding is the appropriate action to take when you no longer need the file or the protected information it contains.

    To Shred a file, select it in the "Results" pane and click Shred in the main ribbon.

  • Scrub: Removes the protected information from the file except for the last four characters, but otherwise leaves the file intact on your computer. Scrubbing is the appropriate action when you no longer need the personal information but need to keep the file.

    To Scrub a file, select the file in the "Results" pane and click Scrub in the main ribbon.

    Scrubbing is not available for email, PDF, or file types other than Word, Excel, and text files.

  • Secure: This option is under consideration, but is not yet enabled.
  • Ignore: Ignoring a file leaves the file and any protected information it may contain on your computer, and marks it to be ignored on subsequent searches. When Identity Finder identifies a false positive, use the Ignore feature; however, don't use it for any purpose other than false positives.
    Important:
    • If you have questions about what types of data constitute a positive result, or are concerned that sensitive university data may still be present on your computer, contact either your IT Pro or your campus Support Center. When you do so, don't include the original documents, nor excerpts of those documents.
    • If you still need access to any files containing protected information that you cannot either shred or scrub, secure the file with a password.

False positives

Examples of false positives include:

  • Mistyped telephone numbers, such as "(812) 55-1234". Identity Finder may see this as a Social Security number (SSN), since it contains a series of nine digits with no letters between them.

    You can safely use Ignore for such files when you are sure they are not SSNs.

  • Internet cookies and other identifiers from visits to web pages. The random number that web pages give may look like an SSN, e.g., this one from CNN:
    .cnn.com TRUE / FALSE 128166551 CNNid Gaa54548-14803635-1150020624187-1
    

    Identity Finder may indicate that "128166551" is an SSN.

    You can safely use Shred for these types of files.

  • Other files containing random numbers, such as a winword.exe program file where you'd see random numbers, letters, and symbols, which Identity Finder may perceive as containing an SSN. UITS continually limits false positives, but there will always be exceptions.

    You can safely use Ignore for these files if they are unreadable in the "Preview" pane due to containing ASCII characters.

For help, contact your campus Support Center.

Technical details about false positives:

The UITS Leveraged Services Global Identity Finder platform has many automated processes to locate PII, PHI, and PCI data. Identity Finder utilizes advanced algorithms incorporating contextual analysis, proximity checks, validations, industry checksums, minimum counts, and a variety of user-customizable settings.

For specific file types, such as Microsoft Excel, Identity Finder knows that while a cell might display 123-45-6789, different versions of Excel store numbers in different ways internally. Identity Finder intelligently adjusts its validation algorithms based on file type, so that cells in CSVs include commas, Excel 2007 and later files include XML tags, and Excel 2003 and earlier include carriage returns and trailing decimals.

Identity Finder takes further steps by looking for keywords, negative keywords, context, minimum counts, and a variety of user-customizable settings, allowing Identity Finder to only match the information that is real PII. Once potential PII is found, Identity Finder can validate the number against additional rules, such as Social Security Administration rules to ensure that an SSN could have been issued. It passes potential credit card numbers through the Luhn algorithm, and compares the number against definitions from issuing banks and financial institutions.

These few examples of intelligent, real-time and context-aware search features maximize accuracy and drastically reduce false positive results.
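
The two validation steps named above, SSA issuance rules for SSN candidates and the Luhn checksum for card candidates, as an added example (not Identity Finder's or UITS's code). The candidate patterns and all function names are assumptions; both false-positive samples from this page pass the SSA structural rules, which is why the keyword and context checks are still needed.

```python
import re

# Assumed candidate patterns (not the product's): nine digits in 3-2-4 groups
# with up to two non-alphanumeric characters between groups, and 16-digit
# card numbers written in groups of four.
SSN_RE = re.compile(
    r"(?<!\d)(\d{3})[^0-9A-Za-z]{0,2}(\d{2})[^0-9A-Za-z]{0,2}(\d{4})(?!\d)")
CARD_RE = re.compile(r"(?<!\d)(?:\d{4}[ -]?){3}\d{4}(?!\d)")

# Samples quoted from this page's "False positives" section.
PHONE_TYPO = "(812) 55-1234"
COOKIE_LINE = (".cnn.com TRUE / FALSE 128166551 CNNid "
               "Gaa54548-14803635-1150020624187-1")


def ssn_could_be_issued(area, group, serial):
    """SSA structural rules: no 000/666/9xx area, no 00 group, no 0000 serial."""
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(text):
    """Return (kind, digits) pairs for candidates that pass validation."""
    hits = []
    for m in SSN_RE.finditer(text):
        if ssn_could_be_issued(*m.groups()):
            hits.append(("SSN", "".join(m.groups())))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):
            hits.append(("CARD", digits))
    return hits
```

The validators reject values that could never be an SSN or card number, but a mistyped phone number or cookie ID that happens to have a valid shape still comes back as a hit and has to be reviewed by a person.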

This is document aygd in the Knowledge Base.
Last modified on 2016-07-12 13:50:41.
