What is Data Loss Prevention (DLP)?
Data Loss Prevention (DLP) refers to a set of strategies, policies and technologies implemented to prevent the unauthorized loss, leakage, or exposure of sensitive or confidential data. The Information Security Office (ISO) recognizes that campus community members interact with protected data, such as government identification numbers, health records (HIPAA) and payment card information (PCI), in a variety of ways. As stewards of this valuable information, it is our responsibility to implement robust measures to protect data from unauthorized access, breaches, or accidental loss.
Why am I seeing notifications about DLP in Office 365?
You may see notices about DLP appear to ensure the security of sensitive data. These notices are typically triggered when you try to access, share, or perform actions on files or information that contain sensitive or confidential data. While these notices are designed to protect data, it is important to note that they can occasionally produce false positives. A false positive occurs when the system mistakenly highlights a legitimate action as a potential data loss risk. This can occur due to various reasons, such as complex algorithms, system updates, or the inclusion of certain keywords or patterns that may trigger the alert. If you believe that the notice is a false positive, please contact the Information Security Office so that we can review and address any false positives to ensure that legitimate actions are not unnecessarily hindered while still maintaining data protection: https://infosec.ucf.edu/about-us/#Contact.
Will the implementation of the DLP program affect productivity or hinder collaboration?
The goal of a well-designed DLP program is to strike a balance between data security and productivity. While certain security measures may introduce added steps or checks, they are essential for protecting restricted and highly restricted information. Adequate training, clear guidelines and user-friendly technologies can help ensure that the DLP program supports productivity and helps secure collaboration.
What technologies are being used in our DLP program?
The UCF DLP program uses the Microsoft Purview Platform. More information about the DLP part of Microsoft Purview can be found here: https://www.microsoft.com/en-us/security/business/information-protection/microsoft-purview-data-loss-prevention.
What is a policy tip?
DLP policy tips are non-disruptive messages that appear to users in real-time when they try to take an action that may violate a DLP policy. These tips offer guidance to users about the potential risks associated with their actions and suggest alternative ways to handle sensitive information securely.
These tips also serve as an educational tool to raise awareness among employees about the importance of data security and the organization's commitment to protecting sensitive information.
How often will the DLP program be reviewed and updated?
The DLP program will be constantly reviewed and updated to stay aligned with emerging threats, technological advancements, regulatory requirements, and the evolving needs of our university. Regular assessments and feedback from faculty, staff and students will help identify areas for improvement and ensure the program remains effective and relevant.
How should I handle Highly Restricted Data?
For more information on how to handle sensitive and highly restricted data please reference the following KB article: UCF IT Knowledge Base - Best Practices for Handling Highly-Restricted/Sensitive Data (service-now.com)
How do I report a false positive?
If you believe that a document has been flagged falsely by our DLP tool, please email infosec@ucf.edu
Where can I find more information or help with the DLP program?
For more information or assistance with the DLP program, please contact the Information Security Office, or refer to official communication channels, such as intranet portals, policy documents or training resources provided by the university.
Remember, implementing a robust Data Loss Prevention (DLP) program is a collective effort, and every individual's commitment to data security is vital in ensuring the protection of personal and highly restricted information at our university.