Identity Finder is a product that can locate and report where an organization is storing protected personal information (Level 1 data), such as social security numbers, date of birth, drivers license number, etc. The University is obligated by law and policy to adequately secure and protect the personal information of individuals it holds records for. To ensure that we are protecting this data, we will need to take an inventory of all University owned assets where this data may be stored. Identity Finder is the tool that the CSU and our University has selected to perform this task.
Information Technology Services (ITS) will install Identity Finder software on all university owned desktops and laptops starting on December 18, 2014. In accord with CFA and CSUEU agreements, faculty and staff must be provided with 30 days notice prior to the commencement of any scans for this data so that individuals can prepare their workstations, if they wish, by removing any protected personal information.
No action is required on the part of faculty and staff to install the software or conduct the scans. The results of the scan, without the actual data, will be sent to a central database administered by ITS. ITS will use the results of these scans to determine what sensitive data needs to be protected. If such data is found on your workstation, laptop or network drive, ITS will contact you with recommendations for safeguarding that data.
If you want to, you can run Identity Finder manually to discover and remediate any Level 1 data found on your computer. Instructions on how to use CSU East Bay's installation of Identity Finder can be found CSUEB Identity Finder End User Guide.
EmplIDs or CSU East Bay IDs (NetIDs) are not considered Level 1 data on their own. It is considered Level 1 if a combination of data such as EmplID, driver's license, and name all exist in the same report.
The CSU Data Classification Standard document can provide more information about data classification.
You can find the CSU Data Classification Standard here: 8065.S02 Data Classification
Typically, documents containing confidential data include Excel spreadsheets, Word documents, or database files. Look through the files on your computer, such as those in your "My Documents" (Windows) or "Documents" (Mac) folder to determine if you have any files of those types containing protected Level 1 information.
If you are still unsure whether or not you have protected Level 1 information on your desktop or notebook computer, please contact the Information Security Office at firstname.lastname@example.org for assistance.
The scan process will be completed for each University owned machine that you use.
Yes, all University owned assets will be scanned.