Identity Finder and Personally Identifiable Information (PII)

Introduction

Identity Finder is a tool to scan personal computers and servers for personally identifiable information (PII). 

PII is defined as personal or university information that may be considered potentially damaging if accessed by unauthorized individuals. PII includes social security, credit card, bank account numbers and passwords. Wesleyan considers it a top priority to protect the privacy of our students, faculty, and staff.  Identity Finder provides us with an additional tool to help ensure that protection.

Employees should share confidential data only when there is a clear business need, such as processing of financial aid packages, payroll, tax forms, benefits administration etc.  Any sharing of such data should be done in a technically secure manner with full adherence to the applicable regulations as laid out in Gramm-Leach-Bliley, FERPA and HIPPA Acts.  PII should never reside unencrypted on personal computers, laptops, tablets or cell phones.

PII Abatement Actions after Identity Finder Scan

The computer’s owner must review the results of the scan and decide what to do with the found PII.  

Recommended Actions are as follows:

  • If there is no outstanding business need, delete the PII.
  • If your department head determines that there is an outstanding business need, move data to a protected directory on Wesfiles.
  • If the data has recently been loaded onto your computer through a standard business process, alert your department head and a new business process that would not load the data to your local hard drive.
  • If you store passwords on your computer, it is important that you create a digital encrypted vault.  There are instructions on how to create a digital vault using MicroSoft Excel with encryption.  If you wish to use Evernote, please consult your desktop support person. 
  • It is important that you and your department regularly schedule and review scans.

Cardinal Technologies Service Center and PII

In addition to being scanned for viruses, all data being copied to new or reimaged machines will be scanned for PII.  If PII is found, the steps outlined above will be taken in consultation with the computer owner/user.  These PII scans are important to protect the privacy of our students, faculty and staff.  

 

Please see the attached documents:

Personally Identifiable Information Scan Permission Form

Using Identity Finder