Instructions for SSN Detection: Social Security Number Detection and Remediation
Clarifications and FAQs
Q: When we leave our computers on, should we also leave ourselves logged in?
A: No, you don't need to be logged in. The ATLAS technicians will use an administrator password to run a scanning program that will search all files on your computer and on your home directory.
The program looks for nine-digit numbers. When it finds any, it adds the filename to its report log. If you own any suspect files you will be asked to verify that the file doesn't contain a social security number or delete the file.
Q: Are we required to scan our personally-owned home computers and laptops?
A: If a personal computer is being used on campus and is being connected to the network and/or if sensitive university-owned data resides on that machine, then, yes, we are required to scan those machines.
ATLAS is willing to help anyone who needs help as is the CITES Help Desk.
As for personal computers that never leave home, we do not require that you run Firefly on those machines unless you believe that SSNs or other sensitive university data might reside on those machines.
Faculty: You should scan your own computers if you work on University data on that computer. That is, if your home computer is only used for personal work or your family, then there is no reason to scan it. However if you take University data home and store confidential data there, you should scan it. If you are careful about storing University information in only a specific directory, you may want to use the configure option of Firefly for Windows to scan only that directory. In any case there is no harm in running Firefly at home to see if you have any of your own personal SSNs or Credit Card numbers stored on the drive, in order to protect yourself.
Grad students: You shouldn't have to scan personal home computers unless you work with administrative data that might include SSNs.
A: If you want to run the SSN detection program yourself, please follow these steps.
1. Install Firefly.
Go to the following web page and scroll down to the "Instructions for Faculty and Staff".
You will download and install the software program "Firefly".
If you need help installing the software, contact the CITES help desk.
2. Check the Firefly report and email it to the English dept.
When you run Firefly it will generate a report. You should review the report and verify that your computer is free of Social Security Numbers.
Please send the report both to me (firstname.lastname@example.org) and to Becky Moss (email@example.com), together with a note stating that all suspect files in the report have been addressed. If files contain SSNs, then those files should be destroyed, turned over to the dept, or (if you have need to store SSN data) provide notice that you have this data and are keeping it encrypted.
Q: Must we delete or encrypt files containing our own social security numbers, such as in tax files or W2 forms?
A: You can keep your own SSN data on a personally-owned computer, it is data that belongs to the state that is governed.
If you have your own SSN on your University-owned computer, then you are instructed to remove it to a personal data store (like a USB key or CD). The policy isn't intended to protect your SSN, it is intended to prevent a loss of confidential data that is entrusted to the state.
Q: How can I encrypt files?
A: This website from University of Minnesota summarizes various encryption methods.