Are you sure your uni doesn't have sensitive data on laptops? What about the professor that ran a study on mosquito bites 15 years ago, and has ssn's of the participants? How about the old system used for parking tickets by the campus police? What about the spreadsheet that was used to track paid interns for the girls volleyball team 10 years ago? Every university in the country has switched away from using ssn's on their main systems, but you'd be amazed at the nooks and crannies where this sort of data can be hidden in. And "I never thought the hacky-sack club would have sensitive data" doesn't cut it as an excuse. But I fully agree, that in all of these scenarios the data shouldn't be there to begin with. Running a scanner, even if only annually, is a prudent step towards cleaning these things up.

I also work at Cornell. What some folks may fail to realize is that a University is a large organization and the colleges are allowed quite a bit of freedom in how they operate. I see a lot of posts mentioning encryption, well our dept does encrypt the user storage areas of their hard drives, but not every college/dept does. Perhaps some day it will be mandated, but currently it's not. Still, the Identity Finder really targets the large set of users that pulled a spreadsheet (perhaps many years ago) onto their machine with sensitive info, and probably don't even realize it's there. Is it perfect? Of course not, but it definitely helps remove a lot of low hanging fruit and it also reminds everyone that they need to be responsible with the data on their pc's.