Identity Finder - KBA 81847

Usage on University-owned Machines

As mandated by the Case Western Reserve University President and Provost in 2010, Identity Finder™ enterprise software must be installed and run on university machines to support the strategy of removing all non-essential, restricted data from public campus computing environments. The Identity Finder program searches local machines for restricted data and, when such data is identified, prompts the user to protect or destroy it as appropriate. Researchers are encouraged to use Identity Finder to search for key items such as Social Security Numbers (SSNs), Credit Card Numbers (CCNs) and Medical Record Numbers (MRNs) in an effort to verify the presence of sensitive data and remove it when applicable.

Identity Finder works like an anti-virus product. The client software installs locally and communicates information to a management console operated by the Information Security Office. It scans local and external storage media (hard drives) for patterns that match SSNs, CCNs, password files and other potentially sensitive information that could lead to the risk of identity theft. If this type of information is located, the user is given the option of “shredding” it (the preferred method for permanently removing vulnerable data) or moving the data to a secured file vault for processing at a later time. The primary function of Identity Finder is to locate and remove SSN data, with CCN data being the secondary interest. The end user is ultimately responsible for removing sensitive data from the affected machine.

Identity Finder is free for use on institutional computers belonging to faculty and staff and can be downloaded from the UTech Software Center at softwarecenter.case.edu.

Note: It is recommended that end users scan their systems once each semester and once during the summer at a minimum. More frequent scanning is recommended if the user routinely works with sensitive data via correspondence or contracts. File server resources are scheduled to have scans performed monthly.


Usage on Personal Machines

The Identity Finder Home Edition is available to faculty and staff for use on private computers at a significant discount. It can be accessed through the UTech Software Center at softwarecenter.case.edu. CWRU students can receive a personal home license at no cost (only one free license per student is available). Identity Finder Home Edition licenses are issued directly from the Identity Finder website. Using the download link from the Software Center will ensure you are directed to the correct site. A valid CWRU email address using the case.edu domain must be entered when ordering the Identity Finder Home Edition or the order will not be processed.


Case Social Security Number Policy

The university policy for the approved use of SSNs in administrative processes is listed here: I-2 SSN Use Policy.

Please note the following excerpts from the policy directive:

    1. As part of the university’s phased compliance strategy, the university shall be entitled to take all reasonable steps to assess whether existing and/or legacy administrative processes, systems and applications are in compliance with this policy and the Case Acceptable Use Policy. Each individual subject to this policy has a responsibility to help with this assessment. This responsibility includes these elements:
      1. Identification of any older data containing SSNs that were used in administrative or academic processes.
      2. Isolation and purge of any non-essential files containing SSN data. Removal of these files shall be performed in a manner which eliminates the risk of disclosure or data loss.
      3. Application of established security controls, known as Tier III Controls, to protect sensitive information such as SSN data when its preservation is warranted and sanctioned.
      4. Mandatory reporting of security events, theft or loss involving SSN data.
      5. Providing notice to UTech when the individual needs assistance in determining whether they are in compliance with this policy, such as whether their legacy processes, systems, and applications still retain or store SSN.

Any individual violating this policy may be subject to disciplinary action in accordance with the applicable policy on Confidentiality (HR Policy I-12).