Calendar A-Z Index School of Arts and Sciences University of Pennsylvania

Finding Sensitive Data

Printer-friendly versionPrinter-friendly versionSend by emailSend by email

Sensitive data, sometimes called PII (for personally identifiable information) can be found in a lot of places it shouldn't be, which is part of the reason there is so much publicity about it.

PII may reside on your computer, or it may be in paper records. It can also be stored in the memory of printers and fax machines.

Some people need to use PII to do their jobs (payroll, for instance) and those people need to take extra precautions to make sure they're handling the data as securely as possible. (See My work requires PII.)

But many people have PII that they don't need: for example, it may reside in older troves of data because as recently as a few years ago, information-handling practices often used social security numbers (SSN's) as the main identifiers for students.

Your LSP can help you find PII that may be on your computer by running a specialized search tool called Identity Finder. We have found that in many cases, IDFinder locates sensitive data on the hard drive that the user didn't even realize was there. Plenty of people have told their LSP they had no sensitive data on their computer but willingly allowed IDFinder to be run anyway, and then were shocked at the number of "hits" it found. Some sources include old class lists and grade sheets that have been carried forward for years each time the user got a new computer; credit card numbers used in online purchases and cached (ie, stored) by a web browser; and traces of old Access databases that are no longer in use. There are others. Even if you think you don't have any PII on your computer, you probably do!