Private Information Management Initiative (PIMI)

The Private Information Management Initiative seeks to identify and reduce the amount of Private Information found on RIT computers and storage devices. (Private information is information that is typically used to conduct identity theft. It may include Social Security Numbers (SSNs), credit card numbers, driver’s license numbers, and bank account information.) Reducing the amount of Private Information (PI) will help safeguard the RIT community against identity theft and will help RIT comply with relevant state and federal laws.

Background

During the last few years, security breaches as well as private information compromises have become more frequent at organizations of all types. In response to this troubling trend, Dr. James Watters, Sr. Vice President for Finance and Administration, commissioned a committee in May 2009 to review all aspects of the collection, storage, retention, and destruction of SSNs on campus.

Goals

The committee recommended the implementation of a one-year PIM Initiative program with the following targeted results:

Increased awareness of the importance of safeguarding all private information, not just SSNs
Increased awareness of the existing RIT policies that address private information
Increased sense of individual accountability and responsibility in the area of policy compliance surrounding private information and a related understanding of the consequences for noncompliance
Effective destruction of non-approved and unnecessarily retained private information (paper and electronic forms) from business units and employee offices
Integration of the Records Management Policy into everyday employee activities

The RIT Information Security Office is leading this initiative.

Representation

The implementation of the Private Information Management Initiative requires the assistance of project team representatives from each college and division. The representatives include:

An Information Steward/Management Representative who will receive reports detailing the location of Private information and will lead remediation efforts of Private information found in electronic and hard copy forms.
A Technical Representative who will assist in inventorying computers assigned to the respective college or division and will assist the Information Steward/Management Representative in remediation efforts.
Current list of representatives (internal access only)

What to Expect

The RIT Information Security Office is working with RIT organizations to identify the location of SSNs and other Private Information.

The RIT Information Security Office is providing a software tool (Identity Finder) that will scan the computer and attached drives to determine if they contain Private information. When Identity Finder finds suspected Private information, it provides a report to the computer user and the RIT Information Security Office. The software also provides the computer user with tools to erase (shred) the information securely or to remove (scrub) the private information from the files. Scans will be initiated by the Identity Finder server in the Information Security Office. Computer users may also initiate and on-demand scan at their convenience. Identity Finder is licensed for use on RIT-owned computers and is currently available for Windows. The Mac version is undergoing final testing and should be available in early 2011.

Because of the size and complexity of RIT, Identity Finder will not be made available to everyone at the same time.A link to the current deployment schedule is provided below.

For More Information

For more information, contact your PIMI representative.

Ben Woelk
PIMI Project Manager
585.475.4122
ben.woelk@rit.edu