Moderator   •   about 2 years ago

$1,000 Challenge - LexHacks 2015 - eVantage Services, an Orlans Group Company

Challenge Title: Detecting PII at the Point of Distribution

Challenge Description: Despite any business’s best efforts to restrict the ability to access and distribute documents with PII (personally identifiable information) data, it remains too easy for both accidental and intentional distribution of PII. Tools exist today to scan file systems for PII data, but what about the business that knowingly needs to work with documents containing PII? A file system scan would tell the business what they already know: they are storing documents with PII. What is needed is a failsafe check at the point of distribution, which is the challenge proposed here.

To be more specific, when Send is clicked from an email client, Print is clicked from any application, or a file is uploaded to a website, the content sent or printed could be scanned for PII, and if found, alert the user, providing the option to proceed, cancel, or redact. Such a solution can be broken down as follows:

1. Develop the core, common, reusable scanning capability which can be wrapped and leveraged for specific email, printing, and uploading purposes mentioned earlier.

   * For this challenge, the minimum expectation is to scan for SSNs and credit card numbers, with design forethought given to the reality that other PII scans will be added over time, such as birth dates, driver’s license numbers, login ids and passwords, etc.

   * Provide a C# API that websites with file upload capabilities can leverage in order to scan uploaded documents, warning the user if any PII data was found. A scenario like this enables the technology to be extended from the business community to the civic community, where entities throughout the legal industry, including legal aid entities and courts that support e-filing, can benefit.

   * Out of scope for this challenge, but also something that design forethought should be given to, is the eventual scanning for PII data in images such as JPGs and image-based PDFs.

2. Develop a Microsoft Outlook add-in that will scan the email subject, body, and text-based attachments for PII data, warning the user if found. The idea is that this component will consume the scanning layer(s) developed in bullet #1. Design forethought should be given toward easing the future development of other installable PII scan wrappers for:

   * Additional Email Clients

   * Virtual Print Drivers: Virtual print drivers can be developed that will scan the document (text-based) being printed, warning the user if found. The virtual print driver will show up as a printer to the user, perform the PII scan, and hand-off to the actual print driver if the PII scan passes or the user chooses to proceed after being warned.

3. Design forethought should be given to eventually adding in the ability to redact, so when the user is warned that PII data was found, they will be given three options: 1) Proceed, 2) Cancel, 3) Redact. The redaction capability should offer the user the option to “redact all” or to inspect each instance first.

Prize: $1,000

Technology to be used: Windows-based; C#; or other approved by Challenge sponsor.

Sponsor Designee: Brian Brown

Email Address for Challenge Questions: bbrown@orlans.com

To learn more about eVantage Services, visit: http://www.evantageservices.com/

To learn more about Orlans Associates, P.C., visit: http://www.orlans.com/

  • 2 comments

  •   •   about 2 years ago

    Hi Everyone,

    I'm very excited to be a part of this hackathon, and eVantage is excited to sponsor the event. I'll be around all weekend if anyone has any questions, or just wants to discuss our challenge. If you can't find me, please don't hesitate to text or call me at 313-400-5773.

    Good luck to everyone!

    Thank you,
    Brian Brown

  •   •   about 2 years ago

    I've received several inquiries regarding the Outlook add-in. The primary purpose of the add-in is to demonstrate that your scanner works. When judging your submissions I'll primarily be looking for the implementation of S.O.L.I.D. design principles:

    * Does each class do only one thing?
    * Are your classes extendable?
    * Are your classes interface implementations?
    * Are your classes dependent upon abstractions instead of concretions?

    If S.O.L.I.D. is a new concept, the below article should help, or you can see me if you have any questions.

    http://www.davesquared.net/2009/01/introduction-to-solid-principles-of-oo.html

    As an example:
    When designing your applications think in terms of creating a scanner class that has a static method to execute a command, which accepts an interface command object. This command object would have a single ExecuteScan method, and would accept another of scan content. For this challenge scan content would be what's being scanned, the command object would have the functionality for scanning the content, and the scanner would be responsible for executing the command.

    Please let me know if you have any questions.

    Thank you,
    Brian
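
The scanning core from item 1 of the challenge, arranged in the command shape described in the comment above, as an added example that is not code from the sponsor or from any submission. Every type name is hypothetical (only `ExecuteScan` is named in the thread), the SSN structure rules and the Luhn checksum are choices made here to cut false positives, and the code assumes .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

// Constructed sample text: one SSN-shaped value, one Luhn-valid test card number, one order id.
string mail = "SSN 123-45-6789, card 4111 1111 1111 1111, order 1234 5678 9012 3456.";
foreach (var f in Scanner.Execute(mail, new SsnScan(), new CardScan()))
    Console.WriteLine($"{f.Kind} at offset {f.Index}: {f.Masked}");

// Hypothetical names. Masked never carries the full value, so a warning dialog cannot leak it.
public sealed record Finding(string Kind, int Index, string Masked);
public interface IScanCommand { IEnumerable<Finding> ExecuteScan(string content); }

public sealed class SsnScan : IScanCommand
{
    // Requires a consistent separator; rejects area 000/666/9xx, group 00 and serial 0000.
    static readonly Regex Rx = new(@"\b(?!000|666|9\d\d)\d{3}([- ])(?!00)\d{2}\1(?!0000)\d{4}\b");
    public IEnumerable<Finding> ExecuteScan(string content) =>
        Rx.Matches(content).Select(m => new Finding("SSN", m.Index, "***-**-" + m.Value[^4..]));
}

public sealed class CardScan : IScanCommand
{
    // 13 to 19 digits with optional single space or dash separators, then a Luhn check.
    static readonly Regex Rx = new(@"\b\d(?:[ -]?\d){12,18}\b");
    public IEnumerable<Finding> ExecuteScan(string content) =>
        from Match m in Rx.Matches(content)
        let digits = m.Value.Where(char.IsDigit).Select(c => c - '0').ToArray()
        where Luhn(digits)
        select new Finding("CARD", m.Index, "****" + string.Concat(digits[^4..]));
    static bool Luhn(int[] d)
    {
        int sum = 0;
        for (int i = d.Length - 1, pos = 0; i >= 0; i--, pos++)
        {
            int v = pos % 2 == 1 ? d[i] * 2 : d[i];   // double every second digit from the right
            sum += v > 9 ? v - 9 : v;
        }
        return sum % 10 == 0;
    }
}

public static class Scanner
{
    // Depends only on the interface: a new PII kind is a new IScanCommand, not a Scanner change.
    public static IReadOnlyList<Finding> Execute(string content, params IScanCommand[] commands) =>
        commands.SelectMany(c => c.ExecuteScan(content)).OrderBy(f => f.Index).ToList();
}
```

The 16-digit order id in the sample fails the Luhn check and is not reported, which is the kind of false positive a bare digit-count pattern would raise at the point of distribution.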
