ARCHIVED: Using Identity Finder Endpoint at IU, how do I run a scan and take action on any protected data it finds on my computer?

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.
UITS decommissioned the Identity Finder service on February 28, 2019. Along with its edge partners, UITS has begun exploring alternative services and will start a proof of concept during 2019. For instructions for uninstalling Identity Finder, see ARCHIVED: Manually remove Spirion Identity Finder.

About using Identity Finder Endpoint

UITS recommends installing Identity Finder Endpoint on university-owned computers. Also, UITS Leveraged Services offers an enterprise service that can provide added protection; for more, consult your IT Pro or computer administrator.

  • As faculty or staff, you can use ARCHIVED: Identity Finder Endpoint to scan your own data and other files stored on devices you use for university work and on university-owned systems. UITS recommends running scans regularly, and especially if/when you think you may have collected new sensitive information.
  • Using the UITS ARCHIVED: Global Identity Finder service, IT Pros can also search data and other files stored in individual computer accounts on university-owned systems. These are scanned monthly to facilitate reporting. Departments and schools can also add scans and policies for groups that regularly work with institutional data.

    IU's Privacy of Electronic Information and Information Technology Resources Policy (IT-07) requires that administrators not view others' information without explicit authorization. Thus, administrators must not open the files Identity Finder locates; instead, send the names of the resulting file locations to the owner of the account or system where the files are stored, directing the owner to review the files and take appropriate action.

When you first launch Identity Finder, you will be prompted to set a profile password. You'll need it to access your saved searches in the future, including results you mark as false positives. Be sure to use a password other than your IU passphrase.

For help with Identity Finder, see its comprehensive help system. Alternatively, see the UITS Leveraged Services Global Identity Finder page, or contact your campus Support Center.

For information about handling, storing, sharing, transmitting, and disposing of institutional information at IU, see the IU Data Management website.

Running a scan

Before you begin:
  • If Identity Finder isn't already on your computer, see ARCHIVED: Download and install Identity Finder Endpoint.
  • Scanning any system for the first time can take several hours. You can continue to work while Identity Finder searches your computer, but it may affect performance. Instead, you may wish to begin the scan at the end of the day and allow it to run overnight. Lock your screen while the scan is running, and change your Energy Saver settings so your computer will not go to sleep.
  • Before scanning someone else's computer or personal file location, be sure to:
    • Have written permission from the individual to whom the account or device has been assigned or attributed, or
    • Provide written notification to the individual(s) describing who will use the tool, how, and for what purpose, as well as anticipated use of the resulting information.

  1. Connect any external storage media or mount file server shares that you want to search in addition to your computer's hard drive, and disconnect from any file server shares that you don't want Identity Finder to search.
  2. Launch Identity Finder, and use the Search Wizard as a quick way to begin. Click Start Search Now to start a search with the default settings.

For more about searching, including customizing your search, see:

  • When configuring a customized search, you will see that several options are selected but grayed out; this is intentional, and reflects that the Identity Finder client receives policy from UITS.
  • While your scan is running, its current progress will display.

Reviewing your scan results

When the scan is finished, a Search Summary screen will appear with results. Identity Finder will create a report that displays every file containing potential PII (Personally Identifiable Information), PHI (Personal Health Information), or PCI (Payment Card Industry) data.

In the "Search Summary" screen, click Advanced. A new window will open listing all items the scan found. When you select an item, a "Properties" pane will provide information about that file. The most important items in this area are the file path and type of file. Alternatively, you can use the Wizard, which will take you through your results and help you choose the best actions.

If you wish, you can use the "Preview" pane to simply preview results.

When reviewing results, look for:

  • Social Security numbers
  • Credit card numbers
  • Bank account numbers
  • Payment card information (e.g., account numbers, electronic statements)
  • Passwords and PINs
  • Passport numbers

Identity Finder will not find data considered sensitive only in some contexts (e.g., a date may or may not be a birth date).

For a complete list, see Sensitive data Discovery.

Taking action on scan results

A scan that returns no results does not guarantee that your computer contains no protected data; it means only that the patterns Identity Finder uses to search your computer did not match anything. You still have a responsibility to safeguard any protected data you may handle or create during the course of your job duties.

You can take the following actions with each result in Identity Finder:

  • Shred: Shredding a file removes it completely from your computer. This cannot be undone, so shred carefully! Shredding is the appropriate action to take when you no longer need the file or the protected information it contains.

    To Shred a file, select it in the "Results" pane and click Shred in the main ribbon.

  • Scrub: Removes the protected information from the file except for the last four characters, but otherwise leaves the file intact on your computer. Scrubbing is the appropriate action when you no longer need the personal information but need to keep the file.

    To Scrub a file, select the file in the "Results" pane and click Scrub in the main ribbon.

    Scrubbing is not available for email, PDF, or file types other than Word, Excel, and text files.

  • Secure: This option is under consideration, but is not yet enabled.
  • Ignore: Ignoring a file leaves the file and any protected information it may contain on your computer, and marks it to be ignored on subsequent searches. When Identity Finder identifies a false positive, use the Ignore feature; however, don't use it for any purpose other than false positives.

If you have questions about what types of data constitute a positive result, or are concerned that sensitive university data may still be present on your computer, contact either your IT Pro or your campus Support Center. When you do so, do not include the original documents or excerpts from them.

False positives

Examples of false positives include:

  • Mistyped telephone numbers, such as "(812) 55-1234". Identity Finder may see this as a Social Security number (SSN), since it contains a series of nine digits with no letters between them.
  • Internet cookies and other identifiers from visits to web pages. The random numbers that web pages assign may look like an SSN, e.g., this one from CNN: TRUE / FALSE 128166551 CNNid Gaa54548-14803635-1150020624187-1

    Identity Finder may indicate that "128166551" is an SSN.

  • Other files containing random numbers, such as a winword.exe program file where you'd see random numbers, letters, and symbols, which Identity Finder may perceive as containing an SSN. UITS continually limits false positives, but there will always be exceptions.

Technical details about false positives:

The UITS Leveraged Services Global Identity Finder platform has many automated processes to locate PII, PHI, and PCI data. Identity Finder uses advanced algorithms incorporating contextual analysis, proximity checks, validations, industry checksums, minimum counts, and a variety of user-customizable settings.

For specific file types, such as Microsoft Excel, Identity Finder knows that while a cell might display 123-45-6789, different versions of Excel store numbers in different ways internally. Identity Finder adjusts its validation algorithms based on file type, taking into account that cells in CSVs include commas, Excel 2007 and later files include XML tags, and Excel 2003 and earlier include carriage returns and trailing decimals.

Identity Finder also looks for keywords, negative keywords, context, and minimum counts, so that it matches only information that is real PII. Once potential PII is found, Identity Finder can validate the number against additional rules, such as Social Security Administration rules to ensure that an SSN could have been issued. It passes potential credit card numbers through the Luhn algorithm, and compares the number against definitions from issuing banks and financial institutions.

These few examples of intelligent, real-time and context-aware search features maximize accuracy and drastically reduce false positive results.
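
The following added example (not Identity Finder's code or anything published by UITS) sketches the two validations named above, the SSA issuance rules and the Luhn checksum, and shows that both false-positive samples from this page still pass the SSN check. The candidate pattern and all function names are assumptions made for illustration; the card numbers in the usage lines are constructed test values.

```python
import re

# Nine digits in a 3-2-4 layout, with up to two separator characters between
# groups, not embedded in a longer run of digits. (Pattern is an assumption.)
SSN_CANDIDATE = re.compile(
    r"(?<!\d)(\d{3})[-.) ]{0,2}(\d{2})[-.) ]{0,2}(\d{4})(?!\d)"
)


def ssn_could_be_issued(area: str, group: str, serial: str) -> bool:
    """Structural SSA rules: area 000, 666 and 900-999, group 00 and
    serial 0000 are never assigned."""
    if area in ("000", "666") or area >= "900":
        return False
    return group != "00" and serial != "0000"


def find_ssn_candidates(text: str) -> list[tuple[str, bool]]:
    """Return (digits, passes_ssa_rules) for every nine-digit candidate."""
    return [("".join(m.groups()), ssn_could_be_issued(*m.groups()))
            for m in SSN_CANDIDATE.finditer(text)]


def luhn_valid(candidate: str) -> bool:
    """Luhn checksum over the digits of a payment card candidate."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return len(digits) >= 13 and total % 10 == 0


if __name__ == "__main__":
    # The two false-positive samples quoted on this page.
    phone = "(812) 55-1234"
    cookie = "TRUE / FALSE 128166551 CNNid Gaa54548-14803635-1150020624187-1"
    # Constructed values that the SSA rules reject.
    constructed = "000-12-3456 666-12-3456 900-12-3456 123-00-4567"
    for sample in (phone, cookie, constructed):
        print(find_ssn_candidates(sample))
    print(luhn_valid("4111 1111 1111 1111"), luhn_valid("4111 1111 1111 1112"))
```

Because the mistyped phone number and the cookie value both satisfy the issuance rules, validation alone cannot clear them; they still have to be reviewed and marked with Ignore.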

For help, contact your campus Support Center.

This is document aygd in the Knowledge Base.
Last modified on 2021-03-10 17:41:28.