Computers storing more than 500 PII (Personally Identifiable Information) records
Stanford University currently defines PII as social security numbers and credit card numbers present on personal or Stanford-owned laptops and desktops. The following site has more information:
Sensitive data can be detected with software such as Identity Finder, which scans emails, files, attachments, browser data, and operating system files.
The steps you need to take if your computer has Stanford PII include:
- If possible, copy the PII data from your personal machine to a departmental resource, and then delete any copies on your personal system.
- Encrypt your entire hard drive using the Stanford SWDE tools. SoE Faculty and Staff can utilize the SoE IT Security Team to help with this process.
Why do you need to act now?
The following deadlines apply to computers with PII as per Randy Livingston’s email from February 13, 2014:
“SWDE must be in place on all devices storing more than 500 PII records by July 31, and with more than 10 PII records by November 30. PII belonging to the device user and family members, such as would be found on copies of an individual's tax return, will not be counted under this requirement.”
The security mandate can be viewed in its entirety on the following page:
How do you verify the presence of PII records on your hard drive?
If Identity Finder is not already installed on your computer, download it from the following site:
Install the software, close all applications, and launch Identity Finder from the Start menu. You will be prompted to enter and confirm a password for protecting your report file. After the Identity Finder scan completes, you can see which files contain the records and which records meet the PII criteria.
What do you need to do if PII records are found on your hard drive?
If the software reports more than 500 PII records, you must either delete the data from your computer, which keeps it secure in case of unauthorized access to your hard drive (hacking), or encrypt your entire hard drive, which protects all data if your computer and/or hard drive is stolen or lost.
PII data eradication
When Identity Finder finds PII records, verify that the data is indeed PII and not personal or your family’s information (tax records etc.). You will be prompted to delete (Shred) the information from your hard drive. You may choose to delete the data using the software or remove it from the computer manually. Caution: deleted data can never be retrieved. After you take the appropriate actions, run Identity Finder again to determine whether your computer is in compliance.
PII data protection
If you need or choose to retain the PII data on your computer, you must encrypt your drive using BitLocker (Windows platform) or FileVault 2 (Macintosh platform) along with SWDE functionality. For SoE Faculty and Staff, the SoE IT Security Team can perform the encryption while ensuring data backup and security mandate compliance.
Who should you contact for assistance?
Students can obtain more information at the following website: https://itservices.stanford.edu/service/encryption/wholedisk
SoE Faculty and Staff should contact Mahesh Bhavana, SoE IT Security Project Manager, by email at firstname.lastname@example.org or by calling 650-736-1207.