Access Keys:
Skip to content (Access Key - 0)

Q: A scan has found some sensitive data. What now?

On this page:

Answer

Check the user guides on how to shred, encrypt, or redact the file.

What if I don't have time to look through all the search results?

It is recommended to take some form of action to secure the files that may contain sensitive information. If you cannot do anything with the files at the time of the scan, you can secure the files using Spirion (formerly Identity Finder) until you can clean them up later. Secure is one of the actions available after a scan has completed and allows you to encrypt the files. See the user guides for more information.

Another option is to remove the files from the computer and put them on a safe device, such as a shared encrypted server. The goal is to not have any sensitive information stored where it does not belong or needs to be for business purposes.

Check with your IT administrator or supervisor if you are unsure about what to do with the found sensitive data files.

Who will know about the results of the scan?

This depends on your area's information protection or business procedures. If using the Enterprise version of the software, the Console will show if any files were found and what was done to secure the files. Unless you request the assistance of your IT service provider, only you will be able to review and respond to the data scan results. If you have any concerns about personal files on your computer, you should remove them before the scan takes place.

Will I be disciplined for having sensitive data on my computer?

The purpose of the scan is to protect the personal information of students and employees, not to invade privacy or uncover wrongdoing. You will not be disciplined for failing to delete files that you received or created in the scope of your work at MIT. However, if scans reveal that an employee has used his or her computer in violation of the law or in violation of MIT IT Policy, the Institute cannot ignore that information, and it will take the same action that it would have taken had the information come to light in any other circumstance.

Are there files I have to preserve, even if they contain confidential information?

Yes, check the records retention rules for particular documents or check with your supervisor on how to proceed.

Some files identified have no sensitive data in them. Do I have to delete them?

If none of the files contain sensitive data, you are finished with the scan. You do not have to delete such files.

If you haven't found the answer to your question on this page, try the Spirion (formerly Identity Finder) FAQ. Users of MIT-owned computers can download a copy of Spirion (formerly Identity Finder) via: http://ist.mit.edu/spirion/.

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

December 04, 2017

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
c-idf c-idf Delete
identity identity Delete
finder finder Delete
encryption encryption Delete
c-spirion c-spirion Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki