Data Loss Prevention for Email
What is changing?
Starting May 18th when faculty or staff accidentally send sensitive data such as PII, HIPAA, FERPA, or financial data via email to an outside party they will receive a pop up notification in the Outlook client. We should never send sensitive data such as social security card numbers, credit card numbers, medical data, tax records, etc. via email as it is an insecure method of transmission. If the email protection system thinks you are trying to send sensitive information in either the body of the email or the attachments it will pop up a tool tip.
Here is a short list of items you shouldn't send via email to external persons.
- Social Security Numbers
- Credit Card Numbers
- Non Directory Information (Such as Bear Numbers)
- Drivers License Info
- Passport Info
- Account Numbers
- Medical ID Numbers
- Medical Diagnosis
No data loss prevention system is 100% accurate so it is possible that you receive a pop up message even if you are not sending sensitive information. If that occurs you simply need to click on the tool tip link and click on the option this message does not contain sensitive data and then click override. This will immediately send your email and the office of information security will get a notification that you used the override.
What if you don't have an Outlook client?
In that case you will receive an email alerting you that you have tried to send sensitive data.
You can override UNC’s policy on sending sensitive information by adding the word “override” to the subject line and re-sending your email. Before doing so, be absolutely sure that you are not sending sensitive data. To send this sort of sensitive information you need to ensure that the email is protected. Visit http://www.unco.edu/cybersecurity/faculty-and-staff-resources/email-security-for-faculty.aspxto learn how to do that.