Handling Personally Identifying Information

Personally Identifiable Information (or PII) is any kind of information, such as a Social Security Number (SSN), that can be used to uniquely identify you. PII's, such as SSN's are frequently used in cases of identity theft and fraud, and should thus be guarded very closely. Hackers and malware search a compromised computer for any SSN's they can find. As a matter of good practice (and in the case of Columbia employees and equipment, a matter of official policy), you should never keep any unprotected PII on your workstation. Any PII should be protected with strong encryption or removed.

The capture, storage and retention of confidential and sensitive information by CUIT employees is permissible only if it is a University business requirement and complies with Columbia University's Social Security Number and Unique Person Number Usage policy, Data Classification policy and University Requirements for Endpoints Containing Sensitive Data. Even if you a private or student user, it is still highly advised to identify and secure your data with comprhensive tools and encryption.

The "Workstation Security Best Practices - User Guide" provides ten technical and procedural steps for securing your computer and work environment. Please read the document and adhere to these best practices.

This page provides information and software tools to identify, remediate, and secure sensitive personally identifiable information (PII) that could be resident on your computer.


PII/SSN Scanning Software

Use specialized applications to identify all vulnerable instances of PII on your workstation.

Remediation Tips

Tips on how to proceed once you've identified vulnerable PII on your workstation

Encryption Tools

Use strong cryptography to secure any instances of PII or protect the entire disc.

Supplemental Tools

Other programs that can provide Data Loss Protection.


To reach this page quickly in the future, use the keyword PII.


Reporting Security Problems

Send reports of security incidents, attacks, or questions to security@columbia.edu