Data loss prevention (DLP) is technology designed to help protect sensitive information from being accessed or viewed by individuals or entities. Faculty, staff and students across the UM System come in contact with data that must comply with PCI, HIPAA and FERPA standards to ensure it is kept as secure as possible. Examples of these data include:
- Social Security Numbers
- Protected Health Information (PHI)
- Credit Card/Banking Information
- Other Personally Identifiable Information
This type of information should not be sent via email unless absolutely necessary. Additionally, per University policy email transmission of highly restrictive DCL4 data to an external email accounts is strictly prohibited except through encrypted means. Users have a responsibility to ensure they are transmitting data in an appropriate manner but to protect this type of information we are implementing DLP technology. With this new technology, when emails are sent to an external source our email security controls will check content for potentially sensitive data. If the system detects sensitive information, it will automatically encrypt the message before sending. The original sender will receive a Microsoft notification telling them the message was encrypted.
For more information, view our Frequently Asked Questions.