Abstract
Regulated sensitive data must be handled properly to protect the university community and the university. Violations can lead to harm for individuals, costly fines, and reputational damage for U-M. Therefore, ITS Information Assurance takes the responsibility to comply with regulations and standards that govern the use and storage of sensitive data very seriously. To that end, IA offers a Sensitive Data Discovery and Reporting Service to all of U-M at no cost.
Because the first step in protecting sensitive data is to map out where that data is located, an IA staff member created a scanning application that detects patterns like Social Security numbers and Credit Card numbers across several technologies, including File Shares, Windows, and Mac Workstations, Websites, Databases and OneDrive Cloud Storage. IA offers both one-time scans or semi-annual scanning and then provides the results through the Sensitive Data Discovery Portal, which is also an open source tool open to all of higher ed. Consumers of this data can then identify and classify actionable detections and non-actionable due to business needs to exist through the Sensitive Data Discovery Portal to ensure those classified as non-actionable detections do not appear in the portal in future scans.
The Sensitive Data Discovery portal has made users more aware of inadvertent storage of regulated sensitive data, enabled units to know what practices need to be improved over time, and significantly reduced exposure to sensitive data.