Most people know to protect their passwords. Fewer realise that sensitive personal data (credit card numbers, national insurance numbers, passport details, bank account information) is quietly accumulating in ordinary files on their PC.
An old email export from five years ago. A spreadsheet someone sent with their bank details. A scanned CV containing a national ID number. A PDF invoice with a full credit card number at the bottom. These files sit in Downloads, in old project folders, in email archives, forgotten but not gone.
If someone gains access to your PC, or if you sell or hand over a device without wiping it properly, that data is exposed.
What Kind of Personal Data Hides in Ordinary Files?
Payment card data
- Credit and debit card numbers (16-digit strings in 4-4-4-4 format)
- Card expiry dates and CVV codes written alongside card numbers
- IBAN and sort code / account number combinations
These appear in: invoices received by email, expense reports, old order confirmations saved as PDFs, and spreadsheets used to log purchases or reimbursements.
Identity documents
- National Insurance numbers (UK format: AA 99 99 99 A)
- Passport numbers and driving licence numbers
- National ID numbers (formats vary by country)
These appear in: HR documents, onboarding paperwork, scanned documents, and any file where someone has entered their identity details to complete a form.
Credentials and access data
- Passwords typed into plain text files, notes, or spreadsheets
- API keys and access tokens saved locally
- Wi-Fi passwords, database credentials in configuration files
These appear in: text files saved as passwords.txt, old README files, configuration files from development projects, and exported notes.
Why This Data Accumulates Without You Noticing
- Files received by email are saved to Downloads and never moved or deleted
- Documents sent by others contain their personal data, not just yours
- Old backups carry data from years ago that has since been formally deleted elsewhere
- Exported data from apps (contacts, calendars, accounting software) lands on the local drive
- Work files with client data are taken home and never removed
- Development projects include test data or real data used during setup
Method 1: Search Manually Using Windows File Explorer
Windows File Explorer lets you search for text within files if Windows Search indexing is enabled:
- Enable full-text indexing: Search bar → Indexing Options → Modify → Show all locations → check all drives → OK.
- Search for patterns: In File Explorer, search for terms like passport, NI number, password, card number.
- Review results and check each file manually.
Limitations
- Only finds exact words; cannot recognise patterns like card number formats
- Cannot scan reliably inside PDFs, images, or compressed files
- No way to assess risk level or prioritise which files to address first
- Misses data that is not labelled (a card number written without the words "card number" nearby)
Method 2: Use PowerShell to Search for Specific Patterns
PowerShell can search file contents for regular expression patterns, including formats that match credit card numbers. For example:
Get-ChildItem -Path 'C:\Users\YourName' -Recurse -Include *.txt,*.csv | Select-String -Pattern '\b\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b'
Limitations
- Requires knowledge of regular expressions; errors cause missed or false results
- Cannot scan PDFs, images, or binary files without additional libraries
- No risk scoring: all results are treated equally
- Cannot detect PII from multiple countries without writing separate patterns for each
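The one-liner above reports every 16-digit string as a hit. The following added example (not part of the original article) keeps the same pattern but drops candidates that fail the Luhn checksum used by payment card numbers, masks what it reports, and counts validated hits per folder. The function names and the temporary demo folder with its constructed sample files are assumptions for illustration.

```powershell
# Added example: Test-Luhn and Find-CardNumbers are illustrative names, not an existing module.
function Test-Luhn {
    param([string]$Digits)
    $sum = 0; $double = $false
    # Walk right to left, doubling every second digit (Luhn checksum).
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $d = [int]$Digits.Substring($i, 1)
        if ($double) { $d *= 2; if ($d -gt 9) { $d -= 9 } }
        $sum += $d
        $double = -not $double
    }
    return (($sum % 10) -eq 0)
}

function Find-CardNumbers {
    param([string]$Root)
    $pattern = '\b\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b'   # the pattern from the one-liner
    Get-ChildItem -Path $Root -Recurse -File -Include *.txt,*.csv -ErrorAction SilentlyContinue |
        Select-String -Pattern $pattern -AllMatches |
        ForEach-Object {
            $hit = $_
            foreach ($m in $hit.Matches) {
                $digits = $m.Value -replace '[- ]', ''
                if (Test-Luhn $digits) {
                    # Report only the last four digits so the output is not itself sensitive.
                    [pscustomobject]@{
                        Path   = $hit.Path
                        Line   = $hit.LineNumber
                        Masked = ('*' * 12) + $digits.Substring(12)
                    }
                }
            }
        }
}

# Constructed sample data: a well-known Luhn-valid test number and a 16-digit serial that fails.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'pii-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -Path (Join-Path $demo 'invoice.txt') -Value 'Paid with 4111 1111 1111 1111'
Set-Content -Path (Join-Path $demo 'stock.csv')   -Value 'serial,1234-5678-9012-3456'

$results = Find-CardNumbers -Root $demo
$results | Format-Table -AutoSize
# Folder-level summary: which folders hold the most validated hits.
$results | Group-Object -Property { Split-Path $_.Path -Parent } |
    Sort-Object Count -Descending | Select-Object Count, Name
Remove-Item -Path $demo -Recurse -Force   # clean up the demo files
```

Only invoice.txt is reported; the serial number in stock.csv matches the regex but fails the checksum. A Luhn-valid match is still only a candidate, so each reported file needs a manual look.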
Method 3: Dedicated PII Scanner - The Reliable Approach
Enterprise PII scanning tools exist (Netwrix, ManageEngine, SecurityMetrics), but they are designed for IT departments managing hundreds of machines, cost thousands of pounds annually, and require server infrastructure to run.
For individuals, freelancers, small businesses, and anyone decommissioning a personal device, DataTrace Pro X fills the gap:
DataTrace Pro X scans documents, spreadsheets, and PDFs for credit card numbers, IBANs, national IDs, passport numbers, and credentials. Covers 8-country national ID formats. Three scan modes: Rules (fast), Smart AI, and Deep AI (NVIDIA GPU). Folder Risk Map shows HIGH / MED / LOW concentration per folder. 100% offline.
When Does Finding Hidden Personal Data Actually Matter?
- Before selling or donating a PC or laptop: a factory reset does not securely erase data; files can be recovered from a reset device without proper wiping.
- Before sharing a folder or drive: shared network drives and external drives regularly contain personal data left behind by previous users.
- Before decommissioning work files: freelancers and contractors who hold client data are subject to GDPR. Knowing what personal data you hold is a compliance requirement.
- After a data breach or device theft: knowing exactly what personal data a lost laptop contained is essential for determining whether you must report the incident under GDPR.
- Regular audits: cloud sync folders, network drives, and external hard drives used for years accumulate data nobody remembers is there.
What to Do When You Find Personal Data in Your Files
- Delete the file entirely if you no longer need it and it does not belong to you (e.g. an old invoice with someone else's card number)
- Redact the sensitive fields in Word, Excel, or PDF if you need to keep the document but not the sensitive data
- Move the file to an encrypted folder if you are legally required to retain it but need to restrict access
- Securely delete rather than just delete if the data is highly sensitive: standard deletion does not prevent file recovery tools from retrieving the content
For GDPR purposes, if you are a sole trader or small business holding client personal data, you should be able to answer: what data do I hold, where is it, and how is it protected? A PII scan gives you the first two answers.
Frequently Asked Questions
Can a PII scanner read encrypted files?
No. Encrypted files, including password-protected PDFs and BitLocker-encrypted drives, cannot be scanned without decryption. Scan after decrypting, or ensure encrypted containers are documented and access-controlled.
Will it scan my email archive?
DataTrace Pro X scans files on your local drive, including exported email archives in formats like .eml, .msg, and .pst if they are stored as files. It does not connect to email servers or webmail accounts.
How accurate is the AI detection?
The Smart AI and Deep AI modes use on-device language models to assess context, reducing false positives from strings that look like card numbers but are not (e.g. product serial numbers, phone numbers). Rules mode is faster but generates more false positives on complex documents.
Is this relevant to GDPR compliance?
If you are a sole trader, freelancer, or small business that holds personal data about clients, employees, or third parties, GDPR requires you to know what data you hold and protect it appropriately. A PII scan helps identify what exists on your local systems: a useful first step, not a substitute for a full GDPR audit.
How long does a full drive scan take?
A typical user folder (50,000 files, mixed types) takes 3–10 minutes in Rules mode. Deep AI mode is slower but significantly more thorough. An NVIDIA GPU speeds up Deep AI scans 5–10×.
About Beginza: Beginza builds privacy tools for Windows that run entirely on your device. No cloud, no accounts, no subscriptions. Browse all apps at beginza.co.uk.