Submitted by admin on

WHAT’S HAPPENING?

As part of Georgia Tech’s enterprise data loss prevention (DLP) efforts, an initial set of DLP rules have been enabled within Office 365, effective November 26th, 2019. The Institute’s DLP program introduces policies and controls around emails that include restricted data types such as health, financial, and academic records for Georgia Tech students, faculty, researchers, and staff. 

    WHAT DO YOU NEED TO DO?

    The initial rules will alert users when potentially sensitive information is contained in an email and will help reduce the risk of sensitive information being inadvertently exposed. Moving forward, any user who attempts to send an email message with any of the following data types (within the body of the message or as an attachment) will either receive a bounce back or notification that alerts the user and requires additional action before the message can be sent.

    Personally Identifiable Information (PII)

    • U.S. Individual Taxpayer Identification Number (ITIN)
    • U.S. Social Security Number (SSN)
    • U.S. / U.K. Passport Number 

    Financial/Payment Card Industry (PCI)

    • Credit Card Number
    • U.S. Bank Account Number
    • ABA Routing Number 

    Patient Health Information (PHI)

    • U.S. Social Security Number (SSN)
    • Drug Enforcement Agency (DEA) Number
    • International Classification of Diseases (ICD-9-CM)
    • International Classification of Diseases (ICD-10-CM) 

    Banner Database Table Column Header Names

    • Numerous sensitive data elements

    Please refer to the following Data Loss Prevention site for screen shots showing what you can expect to see - Data Loss Prevention

    WHO SHOULD YOU CONTACT FOR QUESTIONS?

    Feel free to contact the TSO Help Desk (CCB 148, 404.894.7065, helpdesk@cc.gatech.edu). For more information about Georgia Tech's efforts around the recent student data disclosures, please refer to the following news posting - Tech Responds to Student Data Disclosure