• F&A Home
• Search
• A-Z Index
• Directories
• MyRIT

• Students
• Faculty & Staff
• Systems Administrators Resources

• Resources
• Alerts/Advisories
• Digital Self Defense
• Safe Practices
• Projects & Services
• Standards & Policies
• Forms
• About Us/Contacts

Private Information Management at RIT

Private Information Handling Table | Private Information Management FAQ
End User IDF Guide for Windows | IDF demo | Reps

Private Information Management at RIT is an initiative to identify and reduce the amount of Private Information found on RIT computers and storage devices. (Private information is information that is typically used to conduct identity theft. It may include Social Security Numbers (SSNs), credit card numbers, driver's license numbers, and bank account information.)

Reducing the amount of Private Information (PI) will help safeguard the RIT community against identity theft and will help RIT comply with relevant state and federal laws. The RIT Information Security Office is working with RIT organizations to identify the location of SSNs and other Private Information on campus for mitigation. The Information Security Office will work with each area across campus. Considering the amount of data processing and storage capabilities at RIT, this will take some time to complete.

The RIT Information Security Office (in cooperation with various campus support organizations) will provide a software tool (Identity Finder) for RIT computers that will scan the computer and attached drives to determine if they contain private information. When the Identity Finder software finds suspected Private information, it provides a report to the computer user and the RIT Information Security Office. The software also provides the computer user with tools to erase (shred) the information securely or to remove (scrub) the private information from the files.

Why is RIT doing this?

The last couple of years have seen increased scrutiny and legislation regarding the use and storage of Private Information by businesses and other institutions. As of July 14, 2009, Privacy Rights Clearinghouse estimated that more than 260 million records involving sensitive information had been disclosed in security breaches since 2005. Many of these breaches occurred at institutes of higher education. Because of these data exposures, many universities are re-examining how they handle information and where Private or Confidential Information resides.

Although many computer users at RIT do not believe their computers contain Private Information, a pilot program conducted within one RIT college found numerous instances on RIT computers. Many of the pilot participants were unaware their computers contained this information.

Exactly what does the software look for?

It's important to realize that no one at RIT is viewing the actual content on your computer. The software program scans for Private Information based on specific patterns of numbers and reports the location of suspected Private Information to you and to the Information Security Office through a secure connection.

The RIT Information Security Office will inspect the results of the scan only to ensure that the information reported is, in fact, private information. The Information Security Office will provide reports on the location of Private Information to Divisional VPs and Deans (or their representative) to ensure the information is either eliminated or handled in accordance with the Information Access and Protection Standard (http://security.rit.edu/iap.html).

RIT is authorized to scan computers using the RIT network in order to protect the RIT community. See the Computer Code of Conduct and Network Use and the Privacy Policy.

What if there is Private information found on my computer?

The Identity Finder program allows you to "remediate" the information within the Identity Finder program. You may "shred" (securely erase the file) or "scrub" (securely remove/redact the PI from the document). You should not need technical support or additional software tools.

The RIT Information Security Office has provided instructional materials to assist you in determining how to treat Private Information that may be found on your computer or attached drive and how to use the new Identity Finder program. Visit the links below for more information.

Identity Finder may find your own Private Information on your computer (typically in copies of tax returns, old resumes, forms, etc.). Please redact or remove your own Private Information from your computer to safeguard it.

Links

• Private Information Handling Table
• Private Information Management FAQ
• End User Identity Finder Guide for Windows
• End User Identity Finder software demo (requires Adobe Flash)
• Technical and Management Representatives (Internal)
• Administrator resources may be found on the RIT Information Security wiki

Last Modified: 10.01.2009 Copyright © 2000 - 2009 Rochester Institute of Technology Contact Webmaster Privacy Statement