Audience: This FAQ is directed to University faculty and staff so that they can be prepared for the new Data Loss Prevention policies that will be applied to all SPU accounts shortly.
How does DLP work?
DLP looks at the Recipients (To/CC/BCC), subject line, message body, and the contents of attachments in real time as a message is being composed for any of the following:
- Credit Card Numbers
- Social Security Numbers
- Bank Account Numbers
- Driver's License Numbers
If DLP detects one of the above, and one or more message recipients have non-SPU email addresses, an Email DLP Notification occurs.
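The trigger rule described above (a sensitive-data match plus at least one non-SPU recipient), sketched as an added example; it is not SPU's or the DLP product's actual detection logic. The patterns, the `evaluate` function, the message layout (attachments as already-extracted text) and the `.example` addresses are assumptions made for illustration.

```python
from __future__ import annotations
import re

# Assumed patterns for two of the four listed data types; real DLP products
# use richer detectors (keywords, proximity, confidence levels).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def luhn_ok(digits: str) -> bool:
    """Checksum that card numbers satisfy; filters most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_sensitive(text: str) -> set[str]:
    """Return the sensitive data types detected in one piece of text."""
    hits = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.add("credit_card")
    if SSN_RE.search(text):
        hits.add("ssn")
    return hits

def evaluate(msg: dict, internal_domain: str, override_reason: str | None = None) -> dict:
    """Policy decision for a draft: block only if sensitive AND external."""
    recipients = msg.get("to", []) + msg.get("cc", []) + msg.get("bcc", [])
    external = [r for r in recipients
                if not r.lower().endswith("@" + internal_domain.lower())]
    scanned = [msg.get("subject", ""), msg.get("body", ""), *msg.get("attachments", [])]
    hits = set().union(*(find_sensitive(t) for t in scanned))
    if not hits or not external:
        action = "send"
    elif override_reason:
        action = "send_with_override"  # justification is kept for later review
    else:
        action = "block"
    return {"action": action, "types": sorted(hits), "external": external}

# Constructed sample draft: a part number that merely looks like an SSN.
SAMPLE = {"to": ["vendor@mail.example"], "subject": "Reorder",
          "body": "Part no. 123-45-6789", "attachments": []}
```

Evaluating `SAMPLE` against an internal domain of `campus.example` yields `block`, which is the kind of false positive the override process exists for.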
Email DLP Notification
A "Policy Tip" is presented above the "To:" line in the message being composed. This Policy Tip provides several details concerning the draft message:
- The Policy Tips citation itself (see image at right)
- Verification of the external email recipient in question (in this case, felixthecat@...)
- A temporary option to Override the policy alert.
Once a DLP Policy alert is triggered, the email will be blocked from being sent (unless the override is invoked). When this happens, the external recipient will receive NO notification that the email was blocked, whereas the sender will receive the following email notification:
This email message appears to contain sensitive and protected information that would have been sent over the public internet, as such the email has been blocked. Email is not a secure method of transmitting this kind of information. Please share this information with its intended recipient in a secure fashion.
If you need assistance in determining the best way to share this information, please email firstname.lastname@example.org.
If you believe this email message does not contain sensitive information, you may click "Override" and provide more information to your system administrator.
What if DLP is wrong?
Sometimes an individual may decide that there is a sound business justification as to why the email should be permitted. At other times, DLP may flag on strings of data that are not sensitive in nature - what we call a "false positive." For such cases, to override the DLP policy, click the override link and explain why this action is justified. See the steps below.
To Override DLP
1. Click the "override" text in the Policy Tip
2. Fill out the form and click "Override"
CIS will review these overrides: For business justifications, a member of the Business Systems Team (). We will work to either find an alternate method of delivering the information in the email to the recipient and/or review how DLP was triggered, to find a way to deliver the information securely.
What else do I need to know?
CIS continues to refine and improve the tools available for effective and efficient sharing of information, and appreciates your help in ensuring your business processes share information securely.
If you have any questions or concerns, please contact the CIS Help Desk at 206-281-2982 or email@example.com.