Data Clean Up

Data Clean Up

Eliminating confidential data stored on Cornell and personal machines will reduce the risk that the data will be misused causing loss of reputation and financial liability to Cornell University.

Data Clean Up Goals

  1. Scan all computers, devices and shared file server space for confidential data. Manually inspect files for confidential data that may not be found by automated scanners.
  2. Eliminate or properly secure all confidential data to reduce risk of data misuse. Report any remaining confidential data to tech support*.
  3. Twice a year, attest that you have completed your inspection, and if any confidential data was discovered, it has been deleted or appropriately secured.

*SSIT must maintain a registry of any systems that continue to store confidential data.

How Do I Get Started?

  1. If you don't already have Spirion (was Identity Finder) on your machine, please submit a ticket to let us know.
  2. Put time aside on your calendar to set this up. Start the Spirion scan when you leave for the day. When you return the next morning, spend 30 minutes to an hour purging everything you can.
    -Identity Finder Instructions for PC
    -Supplemental instructions - how to have Identity Finder scan your email and/or select special mailboxes (EGAs) - PC only
    -Spirion Instructions for PC
    -Identity Finder Instructions for Macintosh
  3. Coordinate with co-workers to not duplicate effort on shared file storage space. Consider having a departmental plan to clean things up.  Retention policies are you friend.
  4. Manually inspect files that may contain confidential data but were not identified by the Spirion scan.
  5. If you know there is confidential data in a file, consider shred/redact the file or at least the sensitive information it contains or move it to a secure file server. If you must retain the information for business reasons and the secure file server isn't sufficient, please submit a ticket to request assistance with securing the data.
  6. Make sure you scan all computers, removable media, external drives, cloud storage, devices and shared file server space for confidential data. Manually inspect files for confidential data that may not be found by automated scanners. 
  7. Attest that you have completed your cleanup effort no later than your departmental deadline. Your link to the attestation is unique to you and can be found in the email sent to announce this effort (subject line: Data Clean Up Effort and Attestation).

 

Considerations

What is confidential information?
Cornell University Policy 5.10 - Security of Electronic University Administrative Information, identifies the following data elements as “confidential information” when they appear in conjunction with an individual’s name or other personal identifier:

  • Social Security numbers
  • Credit card numbers
  • Driver's license numbers
  • Bank account numbers
  • Patient treatment information

What is the data retention policy for your business data?
Consider removing data that is older than regulations require.

Who owns or is responsible for the data?
Pay attention to data that may be orphaned by former co-workers or programs that have ended or no longer exist. Is there still value to retaining this data?

When was the last time the information was used?
Consider whether to keep information from old programs that are no longer in existence. Are there files on a shared server left over from former co-workers that can be reorganized or deleted?

Is the information duplicated or does it exist in other locations or systems?
Consider consolidating information so it is stored in only one place. This will allow for better data organization and reduce the time spent searching for relevant information. TIP: Removing old, unnecessary and unused data from your machines first will reduce the amount of time and effort required to clean up and secure confidential data.

If you lost the data, what would mean to the continuation of business?
Delete files you may never use. Pressing delete is just as difficult for digital hoarders as throwing items in the trash can is for traditional hoarders. Consider whether the data would actually be necessary to continue business versus feeling that the data might "someday" be useful.

What if I accidentally delete something I need?
Most computers and servers are backed up nightly. Submit a ticket with the deleted file name and it's previous location. It will be restored by tech support as soon as possible. Files can be retrieved for up to 3 months from date of deletion.

Need answers to questions or assistance with data clean up?
Submit a ticket at https://ssit.scl.cornell.edu/submit-tickets.