In This Article
In addition to using custom keywords to validate most built in (AnyFind) types the following identity types have the settings available for Negative Keywords:
Date Of Birth
Spirion also has the ability to invalidate false positives using custom negative keywords or by using Sensitive Data Definitions (SDD).
Using Negative Keywords
Negative keywords are words that, when they are found preceding a potential match result, are used to reject that potential match and ensure that it does not appear in the results.
For example, in a document containing 9 digit US Zip codes (with or without spaces or dashes - eg, 123456789 or 123-45-6789) which has labels preceding each zip code such as, "Mailing Address" or, "Zip", or a state abbreviation such as, "NY", those keywords can be used to reject the unformatted 9 digit numbers and prevent them from appearing as valid SSN results. In the latter case, it may be desirable or necessary to add the complete list of state abbreviations to the list of negative keywords.
Similarly, if a file contains, "Tracking: 123456789" and 123456789 is a valid SSN, if Tracking is used as a negative keyword, then 123456789 would not appear as an SSN result.
Negative Keywords can be used for Structured SSNs (ones that have the dashes in them) and for Unstructured SSNs, and for most other identity types.
Negative Keywords are NOT case sensitive.
There are two settings that enable and configure the custom negative keywords:
The UseNegativeKeywords setting must set to "Enable" (1), and then Identity Finder will use the keywords in the CustomNegativeKeywords list to invalidate potential SSNs. The is no UI in the client to configure these settings. They must be defined via policy, a configuration xml file, or directly in a system or user settings location.
Using a SDD to eliminate identity type false positives
If the word is within a few words before the SSN then you can use Negative Keywords as explained in this article, however if there is not a consistent known word near and before the SSN matched string then it is also possible to use a SDD to eliminate SSN false positives.
First you would create the Sensitive Data Type of a Keyword. This is done on the Console's>Admin>Sensitive Data Types (SDT) screen.
In this example we will be creating a SDD to not find a SSN match if the file contains the word Glen. Following is a screenshot of the results of searching the test data without the SDD applied. Keywords ARE case sensitive.
First create a Keyword SDT.
Then create a SDD that will only find a SSN if the file does NOT contain the keyword SDT you created.
This example will NOT return any SSN matches for a file that contains the keyword you specified.
Any matches that are found will not be shown as a SSN match but they will be shown as the SDD match.