Data scanning FAQ

Frequently asked questions about the project to protect confidential personal information

In the questions below, Social Security numbers and credit card numbers are referred to as "confidential numbers."

• Show all answers
• Hide all answers

1. What is the Data Scanning project?

Answer: The Data Scanning project requires that you confirm you have scanned your computer for confidential numbers and have addressed the results of the scan appropriately. You will receive an email from Yale's Training Management System (TMS) stating that you have a requirement to complete "Self Data Scan," which will explain how to fulfill the requirement. The requirement is fulfilled by Installing and running the Identity Finder software and Confirming in the Training Management System (TMS) that you have completed the requirement.

2. Why is Data Scanning necessary?

Answer: In its role as an educational institution, a research institution, and an employer, Yale must collect a variety of personal information about students and members of the faculty and staff. Social Security numbers (SSNs) are one of the most sensitive types of information holds because they can be the key to obtaining many other types of personal and financial data. Credit card numbers (CCNs) and Bank Account numbers are also highly sensitive as they can be used to make unauthorized purchases. Moreover, if an unauthorized person gains access to confidential numbers held by Yale, the University may have a legal obligation to notify the persons affected.

3. What is Identity Finder?

Answer: Identity Finder is a program that scans your computer for confidential information. Yale's configuration of the Identity Finder software scans your computer for Bank Account Numbers, Credit Card Numbers, and Social Security Numbers. If confidential numbers are found on your computer, the Identity Finder tool allows you to: Ignore a location or an identity match in the case of false-positives. Shred the file containing confidential information, which permanently and irreversibly removes the file from your computer. Scrub the identity match contained in a file, which replaces the confidential number found with "XXXXX" without deleting the original file.

4. How do I tell what version of Identity Finder I am running?

Answer: Launch Identity Finder. Click here to dowload the instructions available as a PDF.

5. What do I do if I discover files with confidential numbers?

Answer: If you discover files with confidential numbers, follow these simple guidelines: Delete files that you do not need and that you do not have an obligation to preserve (see question 17 below). If you must preserve the files, but the files no longer need to include confidential numbers, delete those numbers from the files. You can do this manually or use Identity Finder's "Scrub" option, which masks all but the last four digits of the number. If you believe that you must retain files with the confidential numbers in place, you must obtain permission to do so from your supervisor. You will need to place these files on a secure server, or your IT support provider will need to encrypt the files. Remember that to complete your training requirement, you must confirm with TMS that you have completed the "Self Data Scan"

6. What files are scanned?

Answer: Identity Finder for Windows and Macintosh will examine all files on your system for Social Security, credit card, and bank account numbers, including compressed files, email, email attachment, database files, and files stored on locally mounted drives.

7. What if I can't identify the file type of a file in my results?

Answer: Request assistance from your Support Provider to identify whether the file is an email mailbox. If you use Thunderbird, your local mailbox (without a file extension) may show up as a result of the scan. If it does—or you're uncertain whether it is your mailbox—select "Ignore" and complete the remainder of your remediation; then save the scan results file. Follow the procedure above for any file types for which you are uncertain.

8. Can I start deleting files or confidential numbers before the scan?

Answer: Yes. There is no need to wait for the scan if you know you have files with confidential numbers. Make sure to empty your Recycle Bin or Trash before running the scan.

9. What can I do in advance to prepare?

Answer: Review your stored data and delete old files you no longer need (and empty the Recycle Bin or Trash). Don’t forget to review your email attachments folder and delete attachments you no longer need and are not otherwise obligated to preserve. If others have used your computer in the past and you know that you do not need to retain the other users’ files, you can delete them before running Identity Finder. If you do this preparatory work, the scan will produce far fewer results and be easier for you to process. It is important to perform a backup of your computer prior to scanning. The scan itself won’t do anything to your data, but if you accidentally remove or shred a file as you process the results of the scan, the only way to retrieve the file will be through the network backup service, if you have an account and regularly use the service to back up your computer.

10. Am I able to perform the scan myself?

Answer: Yes; if you have administrator rights on your computer, you can perform scan yourself by following the instructions located in the software library. However, if you do not have administrator rights, you will need to contact your IT support provider to help you install the software.

11. Will someone help me with scanning my computer(s)?

Answer: It is the individual’s responsibility to scan the computers used for Yale-related work. Of course, your IT support provider can help you download and install the scanning software if you have trouble doing so.

12. How fast does Identity Finder search?

Answer: You can perform your scanning at any time, but it is best to consider running the scan overnight. Depending on how many files the scan identifies, reviewing and deleting confidential information may be time-consuming, so we recommended that you review the results at a time convenient for you.

13. How many times can I scan my computer?

Answer: You may rerun the scanning software as frequently as you wish.

14. Who will know the results of the scan?

Answer: Your supervisor will be aware of your obligation to perform the scan of your computer and whether you have confirmed in the Training Management System that you have performed the scan. However, unless you request the assistance of your IT service provider, only you will be able to review and respond to the data scan results. If you have any concerns about personal files on your computer, you should remove them before the scan takes place.

15. If I do not confirm that I have reviewed the documents and taken required action what will happen?

Answer: If you have not confirmed your actions via TMS, you will receive a reminder email. Further delay will result in a notification to your supervisor.

16. Will I be disciplined for having confidential numbers on my computer?

Answer: The purpose of the scan is to protect the personal information of students and employees, not to invade privacy or uncover wrongdoing. You will not be disciplined for failing to delete files that you received or created in the scope of your work at Yale. However, if a scan reveals that an employee has used his or her computer in violation of the law or in violation of Yale’s Information Technology Appropriate Use Policy, the University cannot ignore that information, and it will take the same action that it would have taken had the information come to light in any other circumstances.

17. Are there other types of documents that I have to preserve, even if they contain confidential numbers?

Answer: Yes, Yale remains subject to other document retention requirements, such as requirements governing research, medical, tax, and certain personnel records. Data retention rules take priority over data scrubbing and the removal of confidential information. If you have any questions about document retention requirements in relation to this project, you should email your questions to information.security@yale.edu, and you will receive advice on how to proceed.

Next →  Levels of information security at Yale