Identity Finder is a software suite that can help locate sensitive information such as credit card or social security numbers that is stored on computer hard drives or on networked storage.
On March 1, 2010 Massachusetts regulations went into effect requiring that personal information in both electronic and physical form be protected. Personal information is defined as a person’s first and last name (or first initial and last name) in combination with one of the following: social security number, state ID number (drivers license number, for example) or a financial account number. Scanning computers locates this personal information and allows us to remove any that is not required.
OIT will install the software for you remotely. Contact OIT at 617-636-0331 or via e-mail at OIT@tufts.edu.
For instructions on scanning your computer and managing the results of the scan, please visit the Guide to Running Identity Finder
The program, which is named “Identity Finder” will be located under your Start Menu and the icon is a representation of a blue dog on a gray background.
All information stored on your computer and your P: drive will be scanned, including but not limited to: documents, email, email attachments, spreadsheets, PDFs, and databases.
The program has been tuned to only use a portion of the computer’s resources, but it will slow down your computer noticeably while the scan is running.
Identity Finder is searching for the following information; Social Security Numbers, Credit Card Numbers, Banking Account Numbers, Driver’s License Numbers. These items in correlations with other personal information are protected by MA 201 CMR 17.
The Responsible Use of Institutional Systems Policy states:
“Use of institutional systems is not ultimately private. While Tufts does not routinely monitor individual usage of resources, normal operation and maintenance of resources requires logging of activity, backup and caching of data, and other activities necessary to provide services and ensure adherence to laws and regulations.”
The results of the scan will appear within the Identity Finder program for you to act upon and logs of the data that was found and what actions were performed will be delivered to the Information Steward responsible for your area.
The collected information, which includes the folder location, file name and last four digits of the number, will be stored on the Identity Finder Server.
No, OIT will only have access to the reports, which only include file location, filename, and the last four digits of any numbers located.
The information in the report will include the folder location, file name and the last four digits of the number that was located.
The results show the E-mail client name (i.e. Thunderbird or Outlook), the name of the folder, and the subject of the e-mail message, or the name of the attachment.
If sensitive data is located on your system, the Information Steward will work with you to determine whether this information is necessary for the performance of your job and should be retained and protected, or removed.
Yes, Identity Finder will allow you to securely delete your data via the “shred” feature. The “shred” option will completely eliminate your data and make it unrecoverable, so this option must be used with caution. More information regarding the use of Identity Finder can be located in the Guide to Running Identity Finder:
If there is data that you believe must be retained please contact your manager or your Information Steward to discuss how this information should be protected. For laptops, this will include encryption of the entire computer, which will be coordinated with your Information Steward.
After the initial scan is run the frequency of future scanning will be determined by the Information Stewards based on the findings of the first scans and the usage patterns of the system.
Please contact your manager, Information Steward, or OIT if you have questions or concerns
If you would like to request to opt-out, please contact your manager, who will discuss any concerns with the Information Steward.
Any computers at risk to have sensitive information will be scanned. At the moment, Identity Finder is only licensed for Tufts owned computers.
No, Macs and PCs will be scanned via Identity Finder using the same method.
Your home computers will not be scanned, but they are subject to the same data privacy laws and should not be used to store sensitive information. If you have concerns that you may have sensitive information on your computer, please contact your Information steward. UIT has licensed the Home version of IdentityFinder for all Tufts students, faculty, and staff. We encourage you to use the home version on your personal computer to help locate sensitive information so that it can be protected or removed (if no longer needed). You may obtain a copy of the Home version of IdentityFinder on the Guardit website at https://wikis.uit.tufts.edu/confluence/display/idfinder/Home+Edition .
Netbooks that use Windows as an operating system will be scanned, but Smartphones, and other mobile devices such as iPads cannot be scanned nor fully secured and should not be used to access or store sensitive information. If you believe that you do have sensitive information on a mobile device, please locate it and securely remove it. If you have questions, please contact OIT.
Contact OIT for assistance in shredding files if you are unable to perform this action through Identity Finder.
If Identity Finder locates Personal Information in an e-mail message, please do not act upon the message from within Identity Finder. A risk of mailbox corruption exists if you choose to “Recycle” or “Shred” the message from within the Identity Finder program. In order to delete these messages, please open up your mail client (Mozilla Thunderbird, Microsoft Outlook etc.), locate the message and delete it. Please make sure to empty your trash folder or use the “compact folder” option to make sure the e-mail has been completely removed.
If you have a computer that is shared among several users, or was primarily used by someone else, it may have files on it to which your account doesn’t have access. Identity Finder scans use the access rights of your user account, so you may need to contact OIT in order to scan the entire computer.