Keeping sensitive data safe from inappropriate access and disclosure is of the utmost importance. Virginia Tech has many policies, procedures, and standards in place to protect sensitive data. It is the responsibility of everyone handling sensitive data from Virginia Tech to be familiar with these policies, procedures, and standards. It is important to find out what sensitive data you are handling and what steps are needed to protect it.
There are 6 specific data elements that Virginia Tech has protected with the “Standard for Transmitting and Storing Personally Identifying Information” The data elements covered under this standard include:
Virginia Tech does not typically use Social Security numbers in its daily operations. It is important to recall that Virginia Tech formerly used Social Security numbers as identification numbers. What files might you have that would contain the “old ID numbers?”
Technology has allowed people to become digital packrats. It is not uncommon for people at Virginia Tech to have files that dating back years. It can be challenging locating sensitive information among the large array of files and file types.
Scanning for SSNs and credit/debit card numbers with one of the tools designed for this purpose is a good way of finding portions of covered data. Some notes may be helpful:
All scanning tools will generate “false positives”—that is, strings of numbers that match possible SSNs or credit card numbers, but are something else entirely. False positives may be:
Remember to use common sense about removing SSNs and credit/debit card numbers.
To help discover sensitive data, Virginia Tech has purchased a site license for Identify Finder. Identity Finder is commercial software that can help discover and mitigate sensitive data. Identity Finder is available to Faculty and Staff at Virginia Tech.
Data Exposure - Data Exposure Guidance (PDF | 399KB)
The IT Security Office strongly encourages faculty and staff can download the Windows or Mac version of Identity Finder at http://network.software.vt.edu. This is an important step to identity information that needs to be protected.
Finding and protecting sensitive data can be challenging. FIND_SSNs is a tool developed to help discover sensitive data on systems. Find_SSNs searches for U.S. social security and credit card numbers. It may help individuals and organizations find sensitive numbers in files on computers. more info
The complexity of Virginia Tech’s IT systems offers a special security challenge to those who manage them. Virginia Tech’s IT professionals are charged with helping the student population as well as the faculty and staff. IT Professions constantly need to keep current on system vulnerabilities to know how to keep system assets and data secure. more info