If you would like to schedule an Identity Finder scan to remove sensitive information from your computer, email [email protected]. Otherwise we will contact you to work out a time for the scan.
PII Removal Project
In the Fall of 2009 the college started a program to remove Personally Identifiable Information (PII) from college laptops. The data to be removed included student social security numbers (often listed in old class rosters), Credit Card numbers and Bank Account numbers. There are several Massachusetts statutes which require the removal or encryption of this data. The tool we use to scan hard drives for this information is a program called Identity Finder. The application does full text searches for PII in Word, Excel, PDFs and other files.
In late 2010 the program was expanded to include all college computers. In order to accomplish this goal OIT purchased the Identity Finder Enterprise Console which allows for remote reporting and control of the search parameters of the Identity Finder client on the local computer. Information on the Enterprise Console is linked below.
During the course of this program it has become clear that many faculty and staff have their own personal data on college computers. Tax returns are common as are Word and Excel files containing financial or personal information. It is important that this data be protected in some way, either removed from the computer or protected through encryption with a password. A recent laptop theft from a car in Williamstown underscored this issue. Even though there were only a few SSNs on the laptop, and they were mostly ones belonging to the family of the owner of the laptop, Williams was still required to report the theft to the Massachusetts Attorney General as a possible data breach.
Identity Finder Software
The Identity Finder application has the ability to search for more than just SSNs, Credit Card numbers and Bank Account numbers. OIT has tested and modified the application so that the scans are limited to just those three items. One thing the program can search for is passwords (it does this by doing a text search for the word “password” or “pass” and then flagging that as a positive hit). When we run Identity Finder at Williams the password search function is disabled.
The Identity Finder application communicates with the college Enterprise Console to produce reports based on the results of the scans. The actual Personal Indentifiable information is NOT reported to the Console. This means that if an SSN, CC# or Bank Account number is found on the harddrive of the computer, those numbers are not transfered to the Console. What is transfered is the number of positive hits, the date of the scan and the type of data found. An example report would be: 5 SSNs, 10 CC#s, 3 Bank Account numbers, found on 5/12/11.
You may want to protect your own personal information before a scan is run so that the data is already protected. This can be accomplished by either removing those files from the computer or by password protecting the files or folders.