For detailed information from the University level, go to: http://csuid.colostate.edu/
All staff and faculty were informed of the issue by Professor Whitley in an email sent out on August 18th, 2006. If you would like to look at the form to be signed by 30 September or would like to see Tony Frank's letter regarding this issue, go to: http://csuid.colostate.edu/?page=forms
The University stresses that focus should be placed on "lists of SSNs". They are not too worried about the occasional email containing one SSN. However, it is best if all individuals delete all known SSNs from the file system
Faculty and instructors might think they do not have any SSN lists. But have you ever received a class rolls file from SNA? If yes, then SNA emailed it to you. Did you delete it from your email folders? Did you save it to your class directory?
An important point is each employee has responsibility over his/her files and computer. For instance, if you have a department laptop checked out for a class, you are responsible for making sure it contains no SSN lists. If your files are kept on the UNIX servers, you are responsible for those files falling under your control (e.g. files kept in a class directory).
SNA has a scanning tool for hunting down lists of SSNs. Paul Hansen is in charge of scanning machines running Windows. If you would like a machine or laptop scanned, please contact him at hansenp@cs.colostate.edu. He can do this remotely as long as the machine is on the CS network. After scanning the machine he will send the owner a file containing a listing of positive hits. Along with the file will be hints on how to interpret the log file.
We are still trying to develop a mechanism for scanning the Unix systems that does not generate an unmanageable number of false positives. When we have this working Wayne will send each CS employee a list of your suspect files on the Unix servers.
Once you have the list, you have several options.
Windows: cimarosa, sarasate (3rd floor, South)
Linux: armstrong, basie (3rd floor, South)
Please understand systems administration will try to aid you in this huge cleaning of the system; however, systems administration is not responsible for cleaning up the file system. We, too, have to sign the form on by September 30th; like everyone else, we will sign it with regard to our personal machines and directories.