RE: Sensitive Data and Email
May 22, 2019

Post

Dear Colleagues,

In today’s evolving threat landscape, we must protect ourselves from those that would perpetrate fraud against us by constantly questioning how we store and transmit confidential information.

To prevent the accidental sharing of sensitive information, a data loss prevention (DLP) software-based policy has been implemented in Outlook. If this policy detects an attempt to share PII with someone outside the institution, it will email a warning notification, including the suspected data type, to both the sender and IITS.

For example, if you were to send an email that contained an unencrypted Social Security Number, you would receive a message in the following format.

From: Microsoft Outlook <postmaster@lbccd.onmicrosoft.com>

Your email message conflicts with a policy in your organization. Issues:

  • Message is sent to people outside your organization.
  • Message contains the following sensitive information: U.S. Social Security Number (SSN)

Message is attached.

At this point, you would need to follow instructions for Remediating PII Notifications from Outlook.

Note: By extension, this includes the transmission of non-business related information. Do not use District resources to store or transmit your sensitive information. Sending personal taxes, refinance forms, medical verification forms, or anything else that contains your confidential information puts you at risk.