On This Page:
Identity Finder is a program that locates sensitive data (e.g., Social Security Numbers, credit card numbers) on desktops, laptops, servers, and other media. Identity Finder helps you inventory the sensitive data on your devices, making it easier to secure or remove data, and take the appropriate steps in case of a data security incident.
If you have any questions about what types of data constitute a positive result, or are concerned sensitive University data may still be present on your computer, contact your supervisor or the IT Help Center. Note: When contacting the IT Help Center, please do not include the original documents or excerpts from the original documents that may contain potentially sensitive data.
Identity Finder will find numeric data, including:
- Social Security Numbers
- Credit Card Numbers
- Bank Account Numbers
- Payment Card Information (e.g., account numbers, electronic statements)
- Passwords and PINs
- Dates of Birth
- Driver License Numbers
- Canadian Social Insurance Numbers (SINs)
- Australian Tax Finder Numbers (TFNs)
- United Kingdom National Insurance Numbers (NINOs)
- United Kingdom National Health Service (NHS) Numbers
- Passport Numbers
For a complete list, see the Identity Finder Web Site.
Identity Finder will not find:
- UMass-specific numeric data (e.g., SPIRE ID numbers, employee ID numbers)
- More complex, non-numeric sensitive data (e.g., student grades, patient names)
- Data that in some contexts is considered sensitive, while in others, it is not (e.g., a date may be a birth date or not)
Be aware that sensitive University data may be present on your computer even if an Identity Finder scan does not yield positive results.
A false positive is information Identity Finder categorizes as sensitive data when, in fact, it is not. Common false positives include:
- Phone numbers with a missing digit (i.e., 9 digits instead of 10 digits), which may be interpreted as 9-digit Social Security Numbers
- Internet cookies and other identifiers
- Random dates or strings of characters
- Your personal sensitive data (e.g., tax returns, bank account numbers, and other financial information)
After Identity Finder finishes scanning your computer, there are several actions you can take. To perform any of these actions, select one or more results and click the appropriate button on the Identity Finder toolbar:
- The Shred feature deletes files from your computer permanently and securely. Once a file shredded, it cannot be recovered.
- Use the Shred option for all sensitive data you no longer need.
- IT does not recommend the Shred option for email messages as this may affect the setup of your email account.
- If you have any questions about which sensitive data you should remove, contact your supervisor.
- The Ignore feature flags files so they are not included in future scans.
- Use this option only when you are absolutely certain the information flagged by Identity Finder is not sensitive University data.
- If you have any questions about whether or not a specific piece of information should be ignored, ask your supervisor.
- For information on how to reset ignored files so they are once again included during scans, check Identity Finder’s Help documentation.
Secure (not recommended)
- The Secure option password-protects and encrypts your files. Once a file has been secured, you will only be able to access it through the Identity Finder interface.
- UMass Amherst IT does not recommend this option. Identity Finder passwords cannot be reset. You will lose access to any files secured in Identity Finder if you forget your password.
- Contact your department's IT Administrator or the IT Help Center to discuss secure storage alternatives for your data.
- Know what constitutes sensitive data at UMass Amherst, in particular the types of data available in your department.
- Never send potentially sensitive data via email to the IT Help Center or anyone else. For any sensitive data-related questions, talk to your department supervisor or call the IT Help Center.
- Your department's business requirements will drive which data needs to be retained. Talk to your supervisor about the sensitive data you should keep and the secure storage options available in your department.
- UMass Amherst IT strongly recommends that faculty, staff, and students transfer all sensitive data from laptops and portable storage media to more secure alternatives, and physically secure all areas where sensitive data is stored (e.g., locked cabinets).