Frequently Asked Questions about PII Scanning

Here are some of the most frequently asked questions that we have received about Personally Identifiable Information (PII) scanning and the Spirion software (formerly Identity Finder).

Why are we doing this?

  • This is an ongoing Penn State initiative.
  • This will help to protect the associate, the college and the university from PII breaches.
  • This will save the college and units money.
    • Compromised computers have significant costs associated with them if PII is found.
    • There are significant time savings if the compromised computer has been recently scanned.

Am I allowed to keep my own personal information or my family's information on my computer?

If there is a security breach, we are still required to follow standard review and notification policies. It is best if PII is not present.

Is there a home version of Spirion?

Spirion is only licensed for use on systems owned by the University.

What should I do if I have a PSU-owned computer at home?

Please contact IT Support about specific procedures for PSU-owned computers outside the office.

Will scanning affect my computer's performance?

  • Not significantly. You will be able to work on other things while scanning.
  • Your first scan will have the most data and will take the longest.

What is the scanning interval?

The scan will initiate automatically every three weeks.

After Spirion has finished scanning and has found potential PII, I don't know whether to click on Shred, Redact, or Ignore. What do I do next?

The Spirion Search and Remediation for Windows and the Spirion Search and Remediation for Macintosh pages define the software action buttons and provide tips for scanning.

How does the software work?

  • The software is similar to antivirus software: scan definitions are continually updated and improved, which could reveal new PII findings.
  • The software scans the files on your computer looking for pattern matches that are thought to be PII.
  • Software updates may find PII not previously detected; therefore, consistent scanning is essential.

Do we (AgIT or PSU Security) see your email messages or files?

  • No. Neither AgIT nor PSU Security will see your email, documents or browsing history.
  • A small summary of each finding (that is not PII) is encrypted and sent to a secure server to prove that remediation has taken place.

Are there penalties for not scanning?

  • Costs associated with compromised computers will be passed on to the unit.
  • There is the potential for financial penalties to the college and the university.
  • Associates may be subject to disciplinary action by their unit, the college or the university.

What should I do about Employer Identification Numbers being flagged as PII?

If the Employer Identification Numbers are for an organization such as a 4-H club and are not a person's Social Security number, you can tag these findings with the Ignore button. If the Employer Identification Numbers represent Social Security numbers, you should Shred or Scrub these findings.

Where can I get more information about Spirion?

Additional information about Spirion is available at: