masthead
Event Overview Timeline Clean Up Procedures Resources FAQs Contacts
Classifying & Retaining
Discarding Hard Drives
Data Handling
What To Do During Data Cleanup

The procedures documented here should be used as a quick reference. For specific details on what a Department Head, Manager, CSR, & Employee should do during Data Cleanup, read the PDF documents located at the bottom of the main page of this site.

The primary focus of the campaign is for employees to remove sensitive data files from their desktop computer(s). To do so, the files must first be located, then verified, and last but not least securely deleted or archived to a fileserver or removable media such as CD/DVD, encrypted USB drive etc. and stored in a controlled secure location. Sensitive files should only remain on a desktop if approved by the Department Head.

To locate sensitive data files, GT has made available a discovery tool named Cornell Spider that has been modified to work in the GT environment. This tool is designed to "crawl" the entire computer including e-mail and identify sensitive files containing social security, credit card, and gtID numbers. Spider for Windows, along with the user's guide can be downloaded by a CSR from the OIT Software Distribution Site, under the CSR/CSS affiliation section.

Spider is also available for Vista, Macintosh OS X, Linux and Unix operating systems and can be downloaded from Cornell University's website at http://www.cit.cornell.edu/security/tools/

Data Cleanup Procedures At-A-Glance

  1. The CSR should install and run the Spider tool on all employee's computers and generate a report.
  2. The employee should review the report and follow the path to locate the file on their computer.
  3. Once located the employee should determine if the file should be securely deleted, archived to a fileserver or removable media, or remain on their system if need to perform current job duties.
  4. If the employee determines that the file is needed, they should obtain approval from their manager to keep the file on their computer.
  5. If the Manager does not approval a system to store sensitive data, the data should be removed from the desktop.
  6. The manager should maintain a list of all employees that are approved to keep sensitive data files on their computer.
  7. Once the list is completed by the manager it should be shared with the Department Head for final approval and awareness of the employees and systems that will continue to store sensitive data on their systems.
  8. If the Department Head does not approve a system to store sensitive data, the data should be removed from the desktop.
  9. Once the list has final approval of the Department Head, the spreadsheet should be submitted to datacleanup@gatech.edu so that a whole-disk encryption license can be issued for each desktop and laptop storing sensitive information.

CAUTION: Don't forget to delete those email attachments and empty the Recycle Bin after deleting sensitive files

HOT TIP: Run one of the secure delete tools from the toolbox located on the resources page after deleting sensitive files and before discarding hard drives

Note: There is no charge to the department for a whole-disk encryption license, however licenses are limited.