Data Loss Prevention (Spirion)
(CSU Chancellor Mandate)
Spirion is a program that locates Protected Level 1 data in files such as Word, Excel, PDF, and other common file types. In addition to locating Protected Level 1 data, Spirion can perform actions on locations that contain Protected Level 1 data. Such actions include the ability to Shred (securely delete) and Redact (mask specific sensitive data) in order to protect yourself (or others) from identity theft.
After a scan, a results window will pop up as shown here:
Go through each match and choose between the following:
a) Shred, which securely and permanently deletes the file. This is a permanent action that cannot be undone.
b) Redact, which replaces or “masks” the sensitive data with dummy data. This is a permanent action that cannot be undone.
c) Ignore, which is for false positives -- your ignored matches will be remembered and will not need to be repeated in subsequent scans, in most instances.
Please note: Spirion was formerly known as "Identity Finder" - these terms are interchangeable.
- Frequently Asked Questions (FAQ)
What is this new icon in my system tray?
This is the logo of the Spirion “dog”, whose presence in the system tray indicates that Spirion is running on the system
Why is SJSU Implementing Spirion?
The number of data breaches continues to rise and cyber criminals are now targeting universities like never before. Many of us don’t realize we may be placing the campus at risk by having sensitive Level 1 data, also known as personally identifiable information (PII), on our workstations. The California State University (CSU) and affected bargaining units recognize that data breaches are detrimental and to minimize risk have agreed that CSU campuses may proceed with implementing Spirion data loss prevention software. Spirion is a program that scans laptops and desktops to help locate Level 1 information and securely delete or modify (scrub) the documents.
SJSU is also legally required to protect PII entrusted to its care. PII is an umbrella term for information which SJSU classifies as Level 1 data that is linked to an individual person's identity, such as Social Security Numbers, driver license data, and credit card or bank account information which can be used to facilitate identity theft. Because of the damage that inadvertent disclosure of protected information may do to the University, a campus-wide effort to locate this type of information is under way to ensure that adequate protection is in place.
What will staff, employees and faculty need to do?
Some employees are going to find some amount of Level 1 data and many times will not have realized it was present. The data could be in a file accidentally saved, a file that was saved years ago or information automatically saved by a program or process. Spirion will empower employees to discover what protected data is on university computers and to provide the tools to manage it effectively and reduce security risks.
The search results will contain the date, location, number of matches, and the type of Level 1 data found on the computer. To safeguard protected data from unnecessary risk, employees will be able to securely delete the protected data no longer needed, ignore the data if it is incorrectly identified, or move the protected data to a secure location. Employees may choose to contact the SJSU Help Desk or their divisional IT support representative to help with usage of Spirion or the removal or relocation of Level 1 data.
Will this program send any of my data to IT?
No private or protected data will be saved or transmitted by Spirion. The only data Information Security Office will receive is metadata: file path, computer, user, time of scan, and action taken. No part of any identified information itself will be sent, only the information that a match was found.
What is a campus workstation?
All CSU owned computers issued by the university.
If I visit SJSU.edu, SJSUOne, or SJSU Email from my private device, will Spirion be installed or can my personal machine?
No. Spirion is only installed and scanning on CSU owned machines.
Why would Spirion look through personal info: e.g., favorites/bookmarks?
The Spirion application needs to scan anywhere on your CSU owned machine where Level 1 data might be inadvertently stored. It’s a safety measure to ensure no protected data is lost in the event of system compromise.
- What Does Spirion Search For?
This tool will find and assist you with protecting Level 1 Protected Data (PII), or other data elements that can be used for identity theft. This data would allow someone to steal your identity by obtaining them individually, or by using them in combination with each other. Such data includes:
- Social Security Number
- Credit Card Numbers
- Password Entries
- Bank Account Numbers
- Driver’s License Numbers
- Passport Numbers
- Australian, Canadian and UK ID Numbers
The types of files that Spirion searches for are Microsoft (Word, Excel, Access, PowerPoint, etc.) Adobe (PDF), text files, web files, compressed file and other common file types that are more likely to store Level 1 data. Such data can come from a broad range of activities and records including the following:
- Old Class Rosters
- Old Student Time Sheets
- Demographics data and records requested by federal agencies or professional organizations
- Human Resource Records
- Student Reporting
The Information Security Office recommends destroying any confidential information which is no longer needed.
- Where Does Spirion Search?
Spirion will search through specific folders in your computer's hard drive for Protected Level 1 data. These include, but are not limited to:
- Local user folders (Documents, Desktop, Downloads, Music, etc.)
- Web Browsers (saved passwords, browser cache, Favorites/Bookmarks, etc.)
- Windows Registry
Spirion will not search certain folders reserved by the Operating System like C:\Windows\, as these are typically write-protected and require admin privileges to access. San Jose State University and its employees are responsible for PII data for individuals that is collected and stored. If you have a question about the data you are storing, and whether you should be storing it, please ask your manager.
For future reference, our Quick Scanning Guide can assist you in launching, searching, shredding, ignoring, and saving results.
- A Few Items to be Aware of
- The scan will be scheduled for after-hours, initially on a bi-weekly basis, and later as we more fully deploy, to once a month. If the scan is not successful because the user is not logged in, or the computer is not on, the scan will occur at the next user login.
- Google Drive is in scope for scanning.
- The preview pane on the right shows details for matches found.
- It may be useful to press “Collapse All Rows” to show a list of Locations (files), rather than each specific Match. The number of locations will be much fewer than the number of total Matches.
- Continue to go through each Match until you’re done with all Matches.
- CFA & CSUEU Review
CSU labor relations and system-wide Information Security reviewed the Spirion deployment, and has recognized the importance and the value of this implementation to our security process.
"The parties to this agreement, (CSU) and CFA, agree that data breaches are detrimental to all and agree that CSU may proceed with its implementation of … Spirion, subject to documented conditions."
- CSUEU Approval [pdf]: 3/3/14
- CFA Approval [pdf]: 7/21/14
- CFA: “The parties acknowledge the importance of working together to ensure the security of data used and stored on CSU system."
- CSUEU: “The parties acknowledge that CSU is required by law and CSU policy to monitor and protect the security of data used and stored on its systems and acknowledge the importance of working together to ensure the security of the data.”
ICSUAM Policy 8065.0 [pdf] - Information Asset Management from the Information Security Policy section of the Integrated CSU Administrative Manual