Running Identity Finder on Windows
The OIT Identity Finder package that has been installed on your computer comes pre-configured with all of the proper settings to scan your computer. This is a step-by-step guide to the process of scanning your computer and managing the scan results.
Please read through the guide before scanning your computer, and if you have issues, do not hesitate to contact OIT@tufts.edu
Launch Identity Finder by clicking on the icon located on your desktop:
If Identity Finder Update Window pops up on startup, click “Yes” to update AnyFind Definitions.
Because everything has been pre-configured for you, please do not change any of the scan settings. Just click “Start” and wait for the process to complete.
The software will scan every file on your computer so it may take a few hours to finish. The software is similar to anti-virus software and it can continue to run in the background while you use your computer.
Once the scan is complete, the first thing you should do is save the file.
Save the file by clicking the Identity Finder button and “Save”.
Once you create a file name and click “Save”, you will be forced to enter in a password.
The password is used to encrypt the file, as it will potentially contain a list of files that contain SSNs or financial account numbers on your computer. Please select a strong password using a combination of upper & lower case characters, numerals and symbols.
Post scan, Identity Finder will display a list of files that may potentially contain Personal Information (Social Security Numbers, financial accounts, etc). The list will also include files that contain patterns that look like Social Security Numbers or financial accounts, but are actually just a string of digits.
The first time your scan your computer, you will likely encounter a large number of these false positives. Subsequent scans will go much faster because there are ways to ignore these files when scanning in the future.
Once the scan is complete, you will be asked how you would like to manage the results. When prompted with this dialog box, choose the Advanced icon:
The Results Window provides a list of files that Identity Finder believes contain patterns that match personal information. The Results Window has three main areas of focus:
- List of Files – A list of the files that it believes contain personal information
- Actions – Actions that you can take on those files
- Preview Pane – A view into the specific text within the document that matches the pattern
Undoubtedly, on your first scan Identity Finder will find a large number of false positives. Review each of the files by selecting the file name within the list and viewing the data within the Preview Pane. If the data is decidedly not a SSN or financial account number, the file can be ignored.
To Ignore a file, simply click the check box next to its name and then within the Actions panel, select “Ignore This Item Location”.
If you have a large number of false positives, you can use the arrow keys to move up and down through the list and press the space bar to check/uncheck the check box
If you have identified real records that contain actual Personal Information, the data has to be appropriately managed.
If you have identified data that contains personal information and belongs to the University, then deciding what to do is more complex and involves consulting your manager or Information Steward.
Prior to taking any actions on University owned data, it must be determined if the University, and specifically your organization or business unit, still has a requirement to collect and store this information. Some records may be legally retained for a defined period of time. Requirements and regulations vary, so consult your manager if in doubt.
If you know for certain that the files you have identified are not legally regulated, and are not required by the department, than they should be shredded using the ‘Shred Selected’ action.
Shredded files CANNOT be recovered, so use caution when selecting this option.
Example files in this category may include:
- Old student rosters
- Files e-mailed to you for that contain legacy Student ID numbers (SSNs)
As always, consult with your manager to determine if your school, department or organization still has a requirement to collect and store this information.
If your Tufts computer has ever been used to perform or print annual tax filings or apply for financial aid there is a good chance that this data has been picked up by Identity Finder.
If the data identified belongs to you or your family members, you can safely choose to securely destroy the files. The easiest way to do this is to select “Shred Selected” within the Action settings.
Shredded files cannot be recovered, so use caution when selecting this option.
A risk of mailbox corruption exists if you select the “Shred” option when trying to securely destroy local e-mail messages that contain Personal Information. This issue is fairly common among applications that scan email (including some anti-virus tools) because of how these applications interact with mailbox files and folders.
For this reason the “Shred email” option has been disabled in Identity Finder. To remove email containing personal information, we recommend finding the message using your usual email program and manually deleting the message.
To do this in Outlook, MacMail or Thunderbird, locate the individual message in the local folder and delete it.
Depending on how the mail client is configured, one of two things will happen:
- The mail will go into the “Trash” folder. Go into the Trash folder and delete the message from there.
- The message will stay in the mailbox with a red X over it. From the menu bar choose File: Compact Folders and the message will be deleted from the client.
The deleted message will go to “Deleted Items”. Go into the Deleted Items folder and delete the message from there.
You may encounter a file with Personal Information that is required by your organization. These files should not be erased, so they must be adequately protected. Work with your local Information Steward to determine the proper place to re-locate the file within your organization. The Information Stewards are tasked with reviewing and ensuring that the proper safeguards are in place to protect the Personal Information collected by your school, organization or business unit.
Find your Information Steward here.