Daniel W. Linna Jr. Moderator • over 2 years ago
$1,000 Challenge - LexHacks 2015 - eVantage Services, an Orlans Group Company
Challenge Title: Detecting PII at the Point of Distribution
Challenge Description: Despite any business’s best efforts to restrict the ability to access and distribute documents with PII (personally identifiable information) data, it remains too easy for both accidental and intentional distribution of PII. Tools exist today to scan file systems for PII data, but what about the business that knowingly needs to work with documents containing PII? A file system scan would tell the business what they already know: they are storing documents with PII. What is needed is a failsafe check at the point of distribution, which is the challenge proposed here.
To be more specific, when is clicked from an email client, is clicked from any application, or a file is uploaded to a website, the content sent or printed could be scanned for PII, and if found, alert the user, providing the option to proceed, cancel, or redact. Such a solution can be broken down as follows:
1. Develop the core, common, reusable scanning capability which can be wrapped and leveraged for specific email, printing, and uploading purposes mentioned earlier.
o For this challenge, the minimum expectation is to scan for SSNs and credit card numbers, with design forethought given to the reality that other PII scans will be added over time, such as birth dates, driver’s license numbers, login ids and passwords, etc.
o Provide a C# API that websites with file upload capabilities can leverage in order to scan uploaded documents, warning the user if any PII data was found. A scenario like this enables the technology to be extended from the business community to the civic community, where entities throughout the legal industry, including legal aid entities and courts that support e-filing can benefit.
o Out of scope for this challenge, but also something that design forethought should be given to is the eventual scanning for PII data in images such as jpgs and image-based PDFs
2. Develop a Microsoft Outlook add-in that will scan the email subject, body, and text-based attachments for PII data, warning the user if found. The idea is that this component will be consume the scanning layer(s) developed in bullet #1. Design forethought should be given toward easing the future development of other installable PII scan wrappers for:
o Additional Email Clients
o Virtual Print Drivers: Virtual print drivers can be developed that will scan the document (text-based) being printed, warning the user if found. The virtual print driver will show up as a printer to the user, perform the PII scan, and hand-off to the actual print driver if the PII scan passes or the user chooses to proceed after being warned.
3. Design forethought should be given to eventually adding in the ability to redact, so when the user is warned that PII data was found, they will be given three options: 1) Proceed, 2) Cancel, 3) Redact. The redaction capability should offer the user the option to “redact all” or to inspect each instance first.
Technology to be used: Windows-based; C#; or other approved by Challenge sponsor.
Sponsor Designee: Brian Brown
Email Address for Challenge Questions: email@example.com
To learn more about eVantage Services, visit: http://www.evantageservices.com/
To learn more about Orlans Associates, P.C., visit: http://www.orlans.com/
Comments are closed.