Scanning for PII – Personally Identifiable Information

Posted: March 17, 2015

Scanning for personally identifiable information (PII) and removing it when found avoids embarrassment and expense and it also happens to keep you within university policy and guidelines!

It seems like every week or two we read that some company or institution has suffered a data compromise, and personally identifiable information (PII) has been stolen.  To the organization that allowed their systems to be compromised, and to the people whose data was stolen, the nightmare begins.  The goal at Penn State is to get that private data removed from office computers to avoid the headaches of data loss and its accompanying expense. Though we have had procedures and tools in place for many years, now is again a good time for a reminder to current employees, and what may be new information for new faculty and staff.

Penn State policy requires that all University-owned computers be routinely scanned to identify and remove personally identifiable information (PII). With the newest versions of Identity Finder (IDF), all computers in the College should be automatically scanning for PII every three weeks.  But, scanning is only half of the job – dealing with the results of the scan is just as important.

In almost every instance a scan will return suspect data – information that appears to be PII.  Occasionally there will be true PII – a credit card number or perhaps a Social Security number – and you should identify that from the scan results and shred or scrub that document.  Other data may appear to be PII, but as you review your results, you may determine that it is a false-positive – a zip code or ISDN number perhaps.  These numbers you can safely select and ignore.

When you have remediated and closed Identity Finder you have met your obligation – but only for that specific period.  In another three weeks Identity Finder will scan and present results again, and it is equally important this time as it has been before for you to review the results and shred, scrub or ignore.

Attentive use of Identity Finder protects you, protects Penn State and protects the people whose information you might have.  It isn’t just a policy; it’s a good idea, too!

More information on Identity Finder can be found on this web page:

or you can contact your AgIT Consultant.

Also, watch for an email announcing an IDF 101 class that Ag IT is planning to offer in the next couple of months.