Cornell University is required by law to protect confidential information.
In accordance with University Policy 5.10, staff may not store confidential information on university-owned computers and other file storage spaces. If such information has to be stored, it must be properly secured.
Policy 5.10 defines Confidential (Level 1) Information as any:
- Social Security number
- Credit card number
- Driver’s license number
- Bank account number
- Protected health information, as defined by the Health Insurance Portability and Accountability Act (HIPAA)
Note: Stored copies of your own personal information do not fall under the requirements for safeguarding confidential information.
Please comply with Policy 5.10 by using the tools provided by the University to scan your files (including shared drives, external drives, etc.) for any confidential information.
Spirion (also referred to as Identity Finder) is used to scan for confidential data. This software is already installed on compatible systems. Please check to see if Spirion is already in place before attempting to install it.
Note: Scanning your files can take several hours, but you may continue to work while it runs. We recommend doing this at the end of the workday.
Scan on Windows
The Windows version of Spirion will scan cloud drives that are mounted on your computer.
However, Shared Files (typically S:), and Home Files (typically Z:) will not be scanned by default. To scan these locations right click on the drive/folder and choose Spirion Search in the Menu.
For full Windows instructions, see: https://it.cornell.edu/spirion/scan-confidential-data-windows
Scan on Mac/Apple Computers
The Mac version of Spirion will scan cloud drives and other data mounts on the computer.
For full Macintosh instructions: https://it.cornell.edu/spirion/scan-confidential-data-mac
Scan on Linux Devices
Mount the Linux drive on a Windows or Mac computer then use Spirion (Identity Finder) to scan the Linux drive on the Mac or Windows computer as described above.
If you have administrative rights on your system, you may also use Find SSNs, a tool developed by Virginia Tech for Linux systems: https://security.vt.edu/software/Find_SSNs.html
These tools may generate a certain amount of false positives; however, if you identify confidential information, please handle it as follows:
- Erase the information if it is not needed
- Edit the information as needed so that it no longer qualifies as confidential information
- If you need to retain the information, please contact the ITSG for help in identifying secure storage options.