Frequently Asked Questions about Scanning of Publicly-facing Folders on IS&T-supported File Storage Systems
Keeping sensitive data safe from inappropriate access and accidental disclosure is of utmost importance to MIT and our community. Inadvertent disclosure of regulated data periodically happens through improper permissions. Some information that is considered sensitive data requires special care and handling. Inappropriate handling of the data could result in penalties, identity theft, financial loss, invasion of privacy, or unauthorized access by an individual or many individuals. Our proactive scanning of publicly exposed files is intended to help protect our community from these events.
You can find out more about how to protect MIT, as well as your own personal data, here: http://infoprotect.mit.edu/
Regulated data includes Protected Health Information (PHI), social security numbers, student education records, financial account numbers, and data subject ot United States export control or trade embargo regulations. To find out more about data protection and classification at MIT, please visit http://infoprotect.mit.edu/what-needs-protecting
In this case, it means that the file or folder security settings are set to public instead of private. For MIT Dropbox and OneDrive this means files within folders that have been shared externally to MIT. For MIT AFS this means directories that have system:anyuser OR system:authuser read or higher permissions granted.
Set your file or folder security to private, and don’t store regulated information on AFS, Dropbox, or OneDrive systems. Learn more about how to protect your personal data here: http://infoprotect.mit.edu/your-personal-data
IS&T will consult Office of General Counsel and reach out to the owner to have the information removed from the publicly-facing folder.
You can find out more information on our Knowledge Base about best practices for storing information while using these systems.
IS&T is using a custom tool for AFS scanning, and is working to identify a tool for Dropbox and OneDrive scans.
Currently, daily scans of AFS are taking place. Scans of Dropbox and OneDrive are scheduled to begin by June 2018.
If you have any questions, please contact, John Charles, VP IS&T at firstname.lastname@example.org.