What is Data Loss Prevention (DLP)?
DLP enables an organization to reduce the risk of unintentional disclosure of sensitive data by identifying, monitoring and protecting confidential data while in use, in motion and at rest.
When an email containing high-risk data, such as Protected Health Information, Social Security numbers, or credit card numbers, is sent insecurely to an external mail recipient (this includes UIC Gmail), the sender will be automatically notified of the data classification.
Identifying sensitive information across many locations, such as Exchange Online, OneDrive for Business, and Microsoft Teams.
For example, UIC can identify any document containing a social security number in OneDrive for Business.
Preventing the accidental sharing of sensitive information.
For example, UIC can identify any document or email containing a health record that's shared with people outside of UIC and then automatically block the email from being sent. Note: UIC policies are configured to NOT block any email at this time.
Monitoring and protecting sensitive information in the desktop versions of Excel, PowerPoint, and Word.
Just like in Exchange Online and OneDrive for Business, these Office desktop programs include the same capabilities to identify sensitive information and apply DLP policies. DLP provides continuous monitoring when people share content in these Office programs.
Helping users learn how to stay compliant without interrupting their workflow.
For example, if a UIC employee tries to share a document containing sensitive information, a DLP policy can both send them an email notification and show them a tip in the context of the document library that allows them to override the policy if they have a business justification. The same policy tips also appear in Outlook on the web, Outlook, Excel, PowerPoint, and Word.
Sensitive data includes protected health information (PHI) and personally identifiable information (PII) such as an individual's medical record, address, gender, social security number, credit card numbers, date-of-birth or any other identifiable health information.
HIPAA/HITECH regulations require UIC to identify confidential data within our information systems and minimize security and privacy risks associated with the use of that data.
People have the expectation that we will only use their personal information as required to deliver quality services and will guard that information against inappropriate access, use, and disclosure.
UIC is implementing Microsoft's Office 365 DLP solution that will identify sensitive data in our Office 365 organization and how it is being used.
All Exchange Online email traffic will be automatically analyzed by Microsoft's DLP solution. DLP scans outgoing mail to ensure that sensitive information such as social security numbers or HIPAA-covered information is not being sent insecurely. When a match is found in an email, the sender will be notified via email about the sensitive information being sent or an automatic tool tip will appear within the Office application notifying the user of the possible policy violation before the message is sent.
For assistance with DLP issues, please email consult@uic.edu