
Audience: This FAQ is directed to University faculty and staff so that they can be prepared for the new Data Loss Prevention policies that will be applied to all SPU accounts shortly.

What is DLP?

Data Loss Prevention ("DLP") is a feature designed to prevent the sharing of sensitive information via insecure methods and/or to unauthorized individuals. The overall goal of DLP policy enforcement is to protect the University, its data, reputation, and constituents from accidental (or intentional) disclosure of sensitive and restricted information.

SPU is in the early stages of DLP policy development. Current DLP policies focus solely on information being shared via email from University email accounts to non-SPU recipients. However, additional tools and features exist that CIS will continue to explore.

How does DLP work?

DLP inspects the recipients (To/CC/BCC), subject line, message body, and the contents of attachments in real time as a message is being composed, looking for any of the following:

  • Credit Card Numbers
  • Social Security Numbers
  • Bank Account Numbers
  • Driver's License Numbers

If DLP detects one of the above and one or more of the message recipients are non-SPU email addresses, an Email DLP Notification occurs.
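The Python example below is added here to illustrate the decision described above; it is not SPU's DLP configuration or the code of the product behind it. It covers two of the four data types (credit card and Social Security numbers), and the `spu.edu` domain, the function names and the patterns are assumptions.

```python
import re

INTERNAL_DOMAIN = "spu.edu"  # assumption: the page does not state the domain
# 13-19 digits, optionally separated by single spaces or hyphens
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# AAA-GG-SSSS, excluding area/group/serial values that are never issued
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits):
    """Luhn checksum: rejects most arbitrary digit runs (fewer false positives)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text):
    """Return the set of sensitive data types found in one piece of text."""
    found = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            found.add("credit_card")
    if SSN_RE.search(text):
        found.add("ssn")
    return found


def evaluate(to, cc, bcc, subject, body, attachment_texts=()):
    """Block only when sensitive data AND at least one external recipient."""
    recipients = [r.strip().lower() for r in (*to, *cc, *bcc)]
    # Exact-domain match; subdomains are treated as external in this example
    external = [r for r in recipients if not r.endswith("@" + INTERNAL_DOMAIN)]
    hits = set()
    for part in (subject, body, *attachment_texts):
        hits |= find_sensitive(part)
    return {"block": bool(hits and external),
            "matched": sorted(hits),
            "external": external}
```

A 16-digit order or tracking number that fails the Luhn check is not reported as a card number, which is one way a filter of this kind limits false positives.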

Email DLP Notification

A "Policy Tip" is presented above the "To:" line in the message being composed. This Policy Tip provides several details concerning the draft message:

  1. The Policy Tips citation itself (see image at right)
  2. Verification of the external email recipient in question (in this case, felixthecat@...)

Once a DLP Policy alert is triggered, the email will be blocked from being sent. When this happens, the external recipient will receive NO notification that the email was blocked, whereas the sender will receive the following email notification:

This email message appears to contain sensitive and protected information that would have been sent over the public internet, as such the email has been blocked. Email is not a secure method of transmitting this kind of information. Please share this information with its intended recipient in a secure fashion.

If you need assistance in determining the best way to share this information, please email

If you believe this email message does not contain sensitive information, you may click "Override" and provide more information to your system administrator.

What if DLP is wrong?

Sometimes an individual may decide that there is a sound business justification for permitting the email. At other times, DLP may flag strings of data that are not sensitive in nature, which we call a "false positive." For such cases, please contact the Business Systems Team for assistance: We will work to find an alternate method of delivering the information in the email to the recipient and/or review how DLP was triggered, to find a way to deliver the information securely.

What else do I need to know?

CIS continues to refine and improve the tools available for effective and efficient sharing of information, and appreciates your help in ensuring that your business processes share information securely.

If you have any questions or concerns, please contact the CIS Help Desk at 206-281-2982 or