Follow these instructions to delete or secure personal information.
1. Locate personal information identified on the log.
2. If you don't need a file with personal information, delete it.
3. If you can’t delete a file, secure the personal information.
1. Locate personal information identified on the log.
Your goal is to look at each file shown on the log and determine how best to handle it. Digging through the log takes some time. Spider will identify some false positives, that is, files that do not actually contain personal information.
Every effort should be made to verify Spider's results before deleting, moving or encrypting files.
When you find files with Social Security, payment card or Arizona driver’s license numbers, continue to the next section below.
WARNING: The Spider log file can point directly to some very sensitive information. As a result, the log file must be deleted when you have finished searching it to ensure it is not used by an unauthorized person.
Spider for Windows produces an interactive log file. You can see file data, delete or move files, and delete files from the log by clicking on the buttons displayed at the bottom of the log file.
- Path: The location of the file on the computer
- Hit Type: The type of number identified
- Hits: The actual number identified by Spider
To look at the contents of a file:
- Select the file in the list of results by clicking on it or on the box to the left of it.
- Click the Hits button to view the actual number identified by Spider within the file.
- To open the file, click the Run button. The file will open using the default application (e.g., MS Word, MS Excel, Adobe Acrobat Reader). If a file does not have a default associated application, try opening it with WordPad (click the Start button, type WordPad in the search box, and then, in the list of results, double-click WordPad).
The Log Viewer purports to allow removal of files without personal information from the log itself (via the Remove from List button). However, you may experience difficulty in reloading the log after removing files from it. (Step 7 includes instructions for loading the Log Viewer.)
CONTINUE to 2 or 3 below.
2. If you don't need a file with personal information, delete it.
IMPORTANT NOTE: If you have received a preservation notice (litigation hold letter) from the Office of the General Counsel, contact the Office of the General Counsel before making any changes.
Return to Step 2 for information on how to determine whether to retain or dispose of a file. You must have a business need to store personal information. If you can access the personal information from the official source when you need it, dispose of it.
Be careful not to delete system (program or application) files.
To delete a file:
- Select the file by clicking on it or on the box to the left of it.
- Click the Erase or Delete File button. You will NOT be asked to confirm the deletion.
- Empty the computer trash folder or recycle bin.
To remove from the log a file once you've deleted it:
- Select the file in the list of results by clicking on it or on the box to the left of it.
- Click the Remove from List button.
- Click Options > Save Log at the top left of the Log Viewer.
Deleting files via the Spider log file and emptying the recycle bin does not actually remove them completely from the computer's hard disk. Consider using a secure file deletion utility to erase the files from your computer’s hard drive immediately. See the File Deletion Guideline for instructions. Be careful when using a file deletion utility because the files cannot be recovered once deleted.
3. If you can’t delete a file, secure the personal information.
Personal information should be retained only if there is a business need for it. If you can access the personal information from the official secured source when you need it instead of keeping it yourself, dispose of it.
Select from the following options:
- Option A: Transfer files with personal information to a CD, DVD or flash drive and physically secure it
- Option B: Separate the number from the associated name
- Option C: Truncate the number to the last four digits
- Option D: Replace all but the last four digits with filler X's
- Option E: Encrypt personal information
NOTE: As of Fall 2008, SID numbers that are the same as SSNs are no longer in use. If you must store lists or reports with SID numbers from earlier semesters during the record retention period, be sure to secure them with one of these options.
Option A: Transfer files with personal information to a CD, DVD or flash drive and physically secure it
Write files containing personal information to a CD, DVD or flash drive and secure it behind a locked door or in a locked file cabinet.
Delete the files from your computer, then empty the computer trash folder or recycle bin. See the File Deletion Guideline for information on secure file deletion.
Additional rules apply to information relating to payment cards that your unit accepts as payment for goods or services.
To move a file to a flash drive or other physical medium:
- Select the file in the list of results by clicking on it or on the box to the left of it.
- Click the Move File button.
- Browse for the location of the drive. If you are planning on archiving files on a CD, we suggest you create a temporary folder on your desktop to temporarily store those files until you are ready to copy them to a CD. Once you have finished copying the files to the CD make sure you delete the temporary folder and empty your recycle bin.
- Click the location.
- Click OK.
To remove from the log a file once you've moved it:
- Select the file in the list of results by clicking on it or on the box to the left of it.
- Click the Remove from List button.
- Click Options > Save Log at the top left of the Log Viewer.
Moving files via the Spider log file and emptying the recycle bin does not actually remove them completely from the computer's hard disk. Consider using a secure file deletion utility to erase the files from your computer’s hard drive immediately. See the File Deletion Guideline for instructions. Be careful when using a file deletion utility because the files cannot be recovered once deleted.
Option B: Separate the number from the associated name
Delete the first name or initial, or the number, from the file. In a spreadsheet, highlight the column with the numbers you want to remove and delete it.
Option C: Truncate the number to the last four digits
Delete all but the last four digits of the number.
Option D: Replace all but the last four digits with filler X's
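One way to apply Option D to a text or CSV export while screening out likely false positives first, as an added example that is not part of the original guideline or of Spider. The patterns, function names and sample rows are assumptions made for illustration; Arizona driver's license numbers are not handled.

```python
import re

# Assumed formats for this example: SSNs as ddd-dd-dddd or nine bare digits;
# payment cards as 13-19 digits with optional space or dash separators.
SSN_RE = re.compile(r"\b(\d{3})-?(\d{2})-?(\d{4})\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits: str) -> bool:
    """Payment card check digit test; most random digit runs fail it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Reject values never issued: area 000, 666, 9xx; group 00; serial 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def mask_keep_last4(hit: str) -> str:
    """Option D: X out every digit but the last four, keeping separators."""
    keep_from = sum(c.isdigit() for c in hit) - 4
    out, seen = [], 0
    for c in hit:
        if c.isdigit():
            seen += 1
            c = c if seen > keep_from else "X"
        out.append(c)
    return "".join(out)

def redact(text: str) -> str:
    """Mask hits that pass verification; leave likely false positives alone."""
    def card(m):
        digits = re.sub(r"\D", "", m.group())
        return mask_keep_last4(m.group()) if luhn_ok(digits) else m.group()
    def ssn(m):
        ok = plausible_ssn(*m.groups())
        return mask_keep_last4(m.group()) if ok else m.group()
    return SSN_RE.sub(ssn, CARD_RE.sub(card, text))

# Constructed sample rows (not real data): one record with hits, two decoys.
SAMPLE = ("Jane Doe,123-45-6789,4111 1111 1111 1111\n"
          "Invoice 1234 5678 9012 3456\n"
          "Part 000-12-3456\n")

if __name__ == "__main__":
    print(redact(SAMPLE), end="")
```

Work on a copy of the file and review the output by hand, since a number that passes these checks can still be a false positive and one that fails can still be sensitive.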
Option E: Encrypt personal information
If you cannot find any other alternative to storing personal information and you have a business need for it, encrypt it. Encryption is an effective way to protect files, especially from being opened and viewed on a hacked or stolen computer. Refer to the Encryption Guideline for recommendations regarding encryption products and procedures. Coordinate encryption measures with local IT staff.
Encryption carries several risks. Encrypted information may not be recoverable if your computer’s hard drive fails. Consistent backup practices are highly recommended.
To read an encrypted file, you must have access to a secret key—or password—that enables you to decrypt it. Some encryption methods carry the risk of permanent loss of information if the key is lost. USE WITH GREAT CARE. Be sure to follow your unit's key management plan. If your unit does not have a key management plan, encryption keys must be delivered to your supervisor or a person designated to retain them.

