Follow these instructions to delete or secure personal information.
1. Locate personal information identified on the log.
2. If you don't need a file with personal information, delete it.
3. If you can’t delete a file, secure the personal information.
1. Locate personal information identified on the log.
Your goal is to look at each file shown on the log and determine how best to handle it. Digging through the log takes some time. Spider will identify some false positives, that is, files that do not actually contain personal information.
Every effort should be made to verify Spider's results before deleting, moving or encrypting files.
When you find files with Social Security, payment card or Arizona driver’s license numbers, continue to the next section below.
WARNING: The Spider log file can point directly to some very sensitive information. As a result, the log file must be deleted when you have finished searching it to ensure it is not used by an unauthorized person.
Spider for Macintosh is a beta test version that effectively locates files containing personal information but can produce a number of false positives. It does not include a log viewer. The scan results appear in a log file that the user must open directly and refer to while searching manually for each file. By default, the log file opens in Console, a utility that displays log files. Examples of the logs as they appear in Console and Microsoft Excel are shown below.
-
The following example demonstrates how the log information will appear in Console.
- The first item on each line is the path, or the location, of the file. Toward the end of each line, the type of number Spider identified is indicated. There may be more than one type of number listed.
- Using the file path given in the text file, locate the file on your computer. Click here for instructions on locating files.
Open the file.
- Determine whether it contains personal information.
- CONTINUE to 2 or 3 below.
- The following is an example of an Excel spreadsheet with an imported log file:
- Column A is the path, or the location, of the file. Column C displays the type of number Spider identified. There may be more than one type of number listed.
- Using the file path given in Column A, locate the file on your computer. Click here for instructions on locating files.
- Open the file.
- Determine whether it contains personal information.
- Delete a line in the spreadsheet by right clicking and clicking Delete.
- CONTINUE to 2 or 3 below.
2. If you don't need a file with personal information, delete it.
IMPORTANT NOTE: If you have received a preservation notice (litigation hold letter) from the Office of the General Counsel, contact the Office of the General Counsel before making any changes.
Return to Step 2 for information on how to determine whether to retain or dispose of a file. You must have a business need to store personal information. If you can access the personal information from the official source when you need it, dispose of it.
Be careful not to delete system (application or program) files.
To delete a file:
- Drag an item's icon to the Trash (in the Dock), or select the item and press Command-Delete.
- Click the Finder menu > Empty Trash.
Click here for additional information on deleting files.
Deleting a file and emptying the recycle bin does not actually remove it completely from the computer's hard disk. Consider using a secure file deletion utility to erase the files from your computer’s hard drive immediately. See the File Deletion Guideline for instructions. Be careful when using a file deletion utility because the files cannot be recovered once deleted.
3. If you can’t delete a file, secure the personal information.
Personal information should be retained only if there is a business need for it. If you can access the personal information from the official secured source when you need it instead of keeping it yourself, dispose of it.
Select from the following options:
- Option A: Transfer files with personal information to a CD, DVD or flash drive and physically secure it
- Option B: Separate the number from the associated name
- Option C: Truncate the number to the last four digits
- Option D: Replace all but the last four digits with filler X's
- Option E: Encrypt personal information
NOTE: As of Fall 2008, SID numbers that are the same as SSNs are no longer in use. If you must store lists or reports with SID numbers from earlier semesters during the record retention period, be sure to secure them with one of these options.
Option A: Transfer files with personal information to a CD, DVD or flash drive and physically secure it
Write files containing personal information to a CD, DVD or flash drive and secure it behind a locked door or in a locked file cabinet.
Delete the files from your computer, then empty the computer trash folder or recycle bin. See the File Deletion Guideline for information on secure file deletion.
Additional rules apply to information relating to payment cards that your unit accepts as payment for goods or services.
To move a file to a flash drive:
- Insert the flash drive into the USB port.
- A white USB drive icon will appear on the desktop.
- Find and select the file you want to save to the flash drive by clicking on it. To select more than one, hold down the APPLE key while you click and select all of the files.
- Drag and drop the selected file(s) to the white USB flash drive icon.
- When you have finished copying, do not immediately remove the flash drive from the USB port. Instead, drag the white USB drive icon to the Trash Can, located on the Dock. The Trash Can will change to the Eject Icon.
- The white USB drive icon will no longer be visible on your desktop. It is now safe to remove the flash drive from the USB port.
To move a file to a CD:
- Insert a blank CD into the CD-ROM drive. A screen will appear.
- Select Open Finder.
- Click OK. The Untitled CD icon will pop up onto the desktop.
- Drag and drop the file you want to copy onto the Untitled CD icon.
- Click the Burn button at the top right hand side of the window.
- You will be given the option to change the name of the CD and the burning speed. Leave the speed at the default setting and name the CD.
- Click Burn.
- The next screen shows you the progress of burning the CD.
- When burning is complete, the icon will have the specified name.
Option B: Separate the number from the associated name
Delete the the first name or initial, or the number, from the file. In a spreadsheet, highlight the column with the numbers you want to remove and delete it.
Option C: Truncate the number to the last four digits
Delete all but the last four digits of the number.
Option D: Replace all but the last four digits with filler X's
Option E: Encrypt personal information
If you cannot find any other alternative to storing personal information and you have a business need for it, encrypt it. Encryption is an effective way to protect files, especially from being opened and viewed on a hacked or stolen computer. Refer to the Encryption Guideline for recommendations regarding encryption products and procedures. Coordinate encryption measures with local IT staff.
Encryption carries several risks. Encrypted information may not be recoverable if your computer’s hard drive fails. Consistent back up practices are highly recommended.
To read an encrypted file, you must have access to a secret key—or password—that enables you to decrypt it. Some encryption methods carry the risk of permanent loss of information if the key is lost. USE WITH GREAT CARE. Be sure to follow your unit's key management plan. If your unit does not have a key management plan, encryption keys must be delivered to your supervisor or a person designated to retain them.
|
Step 9 - Comply with applicable standards
|
