Acting On Sensitive Data Discovery (SDD) Scans

This is information and instructions for those receiving Sensitive Data Discovery (SDD) scans. The scans are conducted by ITS twice a year and any administrative (i.e., non-research) MIStorage share in the CoE departments can be added to the scan portal by contacting CoE Security Unit Liaison ([email protected]).

An SDD scan looks for SSN, credit card numbers, and other related sensitive data.

What You Should Do

  1. Review your Sensitive Data Discovery report (U-M login required). The report lists the names and locations of your files that may contain sensitive university data.
  2. Check each of the files and update the report accordingly. For each file, you will need to take action (see instructions):

Keep the Following in Mind as You Take Action on the Listed Files

  • Delete files that are no longer needed or delete the sensitive information flagged within the file.
  • Move personal files to a Personal and Private folder (where they will not be scanned in the future).
  • Note which files do contain sensitive data and are still needed. Mark the portal accordingly for each file.

About Sensitive Data Discovery

  • These sensitive data scans are done twice a year.
  • The scan looks for numeric patterns formatted like Social Security and credit card numbers. It does not look at the content of files.
  • If the scan identifies files that appear to contain sensitive data, it is then your responsibility to check the files and take appropriate action.

Questions or problems accessing the portal should be directed to CoE Security Unit Liaison ([email protected]).