Q: Spirion - A scan has found some sensitive data. What now?
On this page:
- Answer
- What if I don't have time to look through all the search results?
- Who will know about the results of the scan?
- Will I be disciplined for having sensitive data on my computer?
- Are there files I have to preserve, even if they contain confidential information?
- Some files identified have no sensitive data in them. Do I have to delete them?
- See Also
Answer
Check the user guides on how to shred, encrypt, or redact the file.
What if I don't have time to look through all the search results?
It is recommended to take some form of action to secure the files that may contain sensitive information. If you cannot do anything with the files at the time of the scan, you can secure the files using Spirion until you can clean them up later. Secure is one of the actions available after a scan has completed and allows you to encrypt the files. See the user guides for more information.
Another option is to remove the files from the computer and put them on a safe device, such as a shared encrypted server. The goal is to not have any sensitive information stored where it does not belong or needs to be for business purposes.
Check with your IT administrator or supervisor if you are unsure about what to do with the found sensitive data files.
Who will know about the results of the scan?
This depends on your area's information protection or business procedures. If using the Enterprise version of the software, the Console will show if any files were found and what was done to secure the files. Unless you request the assistance of your IT service provider, only you will be able to review and respond to the data scan results. If you have any concerns about personal files on your computer, you should remove them before the scan takes place.
Will I be disciplined for having sensitive data on my computer?
The purpose of the scan is to protect the personal information of students and employees, not to invade privacy or uncover wrongdoing. You will not be disciplined for failing to delete files that you received or created in the scope of your work at MIT. However, if scans reveal that an employee has used his or her computer in violation of the law or in violation of MIT IT Policy, the Institute cannot ignore that information, and it will take the same action that it would have taken had the information come to light in any other circumstance.
Are there files I have to preserve, even if they contain confidential information?
Yes, check the records retention rules for particular documents or check with your supervisor on how to proceed.
Some files identified have no sensitive data in them. Do I have to delete them?
If none of the files contain sensitive data, you are finished with the scan. You do not have to delete such files.
See Also
If you haven't found the answer to your question on this page, try the Spirion FAQ. |