Handling Personally Identifying Information

Personally Identifiable Information (or PII) is information, such as Social Security Numbers (SSNs), that can be used to uniquely identify a person. Stolen PII is frequently used to commit identity theft and fraud, and should be guarded carefully. Hackers and malware will search a compromised computer for SSN's they can find. As a matter of good practice, you should never keep any unprotected PII on your workstation. For Columbia employees and equipment, any PII should be protected with strong encryption or removed.

The capture, storage and retention of confidential and sensitive information by CUIT employees is permissible only if it is a University business requirement and complies with Columbia University's Social Security Number and Unique Person Number Usage policy, Data Classification policy and University Requirements for Endpoints Containing Sensitive Data. Even if you a private or student user, it is still highly advised to identify and secure your data with comprhensive tools and encryption.

The "Workstation Security Best Practices - User Guide" provides ten technical and procedural steps for securing your computer and work environment. Please read the document and adhere to these best practices.

This page provides information and software tools to identify, remediate, and secure sensitive personally identifiable information (PII) that could be resident on your computer.


PII/SSN Scanning Software

Use specialized applications to identify all vulnerable instances of PII on your workstation.

Remediation Tips

Tips on how to proceed once you've identified vulnerable PII on your workstation

Encryption Tools

Use strong cryptography to secure any instances of PII or protect the entire disc.

Supplemental Tools

Other programs that can provide Data Loss Protection.


To reach this page quickly in the future, use the keyword PII in the search box.


Reporting Security Problems

Send reports of security incidents, attacks, or questions to security@columbia.edu