Spirion (formerly Identity Finder) is commercial software used to search for personal information such as social security numbers, credit card numbers, bank accounts, etc. It can search in local and remote drives, emails, and synchronized storage such as Berkeley's bConnected Box.
Spirion’s primary use is for devices that routinely handle data classified as Protection Level 2 (PL2) or higher, as specified in the Berkeley Data Classification Standard.
Licenses can only be made available for the purposes of users and departments with clear needs such as:
A department that routinely deals with PL2 or higher data to monitor and ensure such data is found only in designated systems.
A department launching a project to verify particular kinds of non-public data is not found in the department.
An individual or department involved in incident response, that needs to verify the types of data that may be in scope for the incident.
There are two options for allocating licenses:
Single device licensing mode
- A single license to scan a single device
- Licenses may not be transferred between devices
- Licenses can be reclaimed on a yearly basis (only in July)
- The OCR module on the individual machine’s drives may be used
- File shares, databases, and websites via the additional DB, and web module may not be used
- Additional modules may not be used
Departmental licensing mode
- Licensed for the number of full time FTE in the department
- Part-time students, contractors, etc. not counted for total
- All devices within the department can be scanned
- All modules can be used (file shares, OCR, databases, websites)
- Only the licensed department's data can be scanned, for instance only their group directory on a shared file server
- Department licenses can be reclaimed on a yearly basis (in July)
Campus-wide resources, such as CalShare or Research Hub, may not be scanned within the terms of the license.
To request Spirion licenses, email email@example.com and include:
- The type of licensing appropriate to your use case
- The number of licenses needed for single-use or your departmental FTE count for departmental use.
Please see the following guide for step-by-step instructions on how to use Identity Finder: Using Identity Finder (PDF created by Information Security Office). You can also email us with any questions regarding your needs.
The University protects the privacy of Electronic Communication Records. Please make sure you have proper permissions to scan a system. If you have additional questions on whether it is acceptable to scan a particular system, contact IT Policy at firstname.lastname@example.org.
For policy guidance on scanning for social security numbers, please see: