Information for LSPs and System Administrators: How to Install and Use Identity Finder in UVa Departments
Different departments will use Identity Finder in different ways. Being knowledgeable about your own department's data stores and data usage will greatly assist you in deploying Identity Finder.
Table of Contents
If you are using Identity Finder for purposes of ongoing Social Security Number remediation, see the SSN Initiative Policy page for background and guidance.
Work with your department chair or administrator in planning any Identity Finder searches, as well as in communicating with faculty and staff about search policy and procedures.
Identify all equipment to be searched, including laptops, workstations, servers and media.
Choose a strategy of either local installations or a centrally managed installation. Identity Finder can be installed and run on users' computers
or installed on a server and configured to search remote computers. Depending on your department's preferences, you may install it for the user,
or the user may install it. Regardless of installation strategy, the Identity Finder report must be reviewed by the file/data owner to assess and
remediate personal and University-owned sensitive data.
Note: When conducting remote searches, hidden Web data, email messages, and email attachments will not be searched. If Outlook is installed on the source computer, however, then Identity Finder will search local .pst and .ost files. A wired connection works best for network stability. In order to be scanned, external storage (USB thumb drives and external hard drives) should be attached to the computer while searching. If you manage a departmental server, you should run Identity Finder on the server in consultation with your department chair.
Departments must determine what to do with any sensitive data found, based on the SSN Policy, the Records Retention Policy, and all other applicable policies. Identity Finder can shred data or quarantine it to either a local drive or a server. “Shred” is a secure delete that overwrites data being deleted. “Quarantine” means the data is moved to a new location and shredded in the old. Identified documents may also be “redacted” with the document itself retained, but the sensitive data removed.
Departments must inventory all sensitive data that is retained on the department's equipment.
A department's scans should be documented with 1) the date of the scan, 2) the user performing the scan, and 3) the actions taken to remediate the identified highly sensitive data. Management should review the documentation to ensure scans are properly completed as scheduled.
Example: Using the Identity Finder client
* When users run their periodic scans, they can print their initial scan results (making sure not to display the full details of any highly sensitive data).
* If remediation is required, they can re-run the scan following remediation and print the “clean” scan results.
* Any print outs should be signed and dated.
* Management can periodically review these documents to confirm that both scanning and remediation have been completed.
Example: Using the Identity Finder console (in pilot), departments can manage their users’ scans centrally, including tracking scans completed and remediation done.
Get information about the default configuration of UVa's version of Identity Finder.
Download and install the Installer File.
Run Identity Finder. Plan your time appropriately, given the amount of data to be scanned. Interpret the report from the scan.
Based on the report, determine the location and ownership of affected files, and contact file owners. If file ownership cannot be ascertained, or the owner has left the University, consult with the department chair or administrator.
The department will advise file/data owners regarding destruction, redaction or secure retention of data.
Version 3.3.0 will not search files without filename extensions. Furthermore, files with no extensions cause Identity Finder to skip the entire directory in which they reside. Identity Finder 3.4.0 fixes this problem.
Mapped network drives and network shares including UNC shares will not be searched by default when selecting “My Computer.”
The searching of Thunderbird email and MBOX files is supported if using version 4.x.
For an ITS-managed departmental server, the LSP involved should coordinate with the appropriate ITS group (Microsystems or UNIX Systems) to develop a strategy that suits the specific needs of the department.
System administrators should review access privileges on network shares, before users start searching for personally identifiable information.