Identity Finder assists in the discovery and removal of Personally Identifiable Information (PII) from University owned computers. Faculty and staff should run this tool on their computers.
As a faculty or staff member at the University of Rochester, your responsibility is to limit the use of and protect PII. The Identity Finder software is made available to assist in locating and cleaning electronic data stores containing PII.
You are responsible for installing Identity Finder on your computer and running the first scan. You must then review the results and take action on each file. The instructions below outline how to perform these tasks, and the options you have for remediation.
If Identity Finder finds files on your computer that include PII and the information must remain on the local computer, the computer should be encrypted with the University encryption solution. In addition, as encryption only protects against data retrieval if the computer has been stolen – other attacks such as malware or network intrusions still leave data at risk. As such, data that must be kept should be registered under the Social Security Number Registry, maintained my University IT.
University IT does not collect the PII match data from Identity Finder. This means the individual SSN, credit card, or other results found by the software are not sent to University IT. The data that is collected by University IT when a scan is run is limited to:
- Location of files and email messages with PII
- Types of PII found (SSN, credit card, bank account, etc)
- Actions taken to clean up the PII collections
- User name that ran Identity Finder
- Computer name and IP address
- Date and time the scan was run