Data Loss Prevention
College resources exist for the purpose of conducing legitimate business for the College. The College is bound by state and federal law to protect certain information that is transmitted using College systems, hardware, and networks. Pursuant to these objectives, the College has a duty to actively prevent the loss of Protected Information. One method of fulfilling this duty is Data Loss Prevention (DLP).
What is Data Loss Prevention?
Information Technology continues to actively prevent the loss of sensitive data (such as credit card and social security numbers) when you use College systems, networks and hardware in accordance with the Privacy and Data Loss Prevention policies. Data Loss Prevention (DLP) tactics deploy security controls to detect and prevent the unauthorized transmission of sensitive information. Unauthorized transmissions include:
- Email - do not send sensitive information via email unless it is encrypted through a secure connection
- Non-secure Websites - before you enter any sensitive information, make sure that the URL address uses https rather than http and that you trust the recipient.
What is considered protected or sensitive information?
“Protected Information” -- is a single term that includes all of the following: Confidential Information, Educational Records, Employee Records, Identifying Information, Medical Record or Health Information, Personal Information, and Proprietary Data of the College.
How does DLP work?
The purpose of the DLP quarantine process is to prevent data loss. It works much like the antivirus and email filtering tools used by the College to prevent computer virus outbreaks, compromised accounts, and phishing attacks. Using a set of predefined rules, an automated, electronic system will scan for credit card and social security numbers that are put at risk of exposure. The sensitive data can be:
- at rest - stored on a hard drive or other storage media
- in use - being copied from one location to another
- in motion - traveling across the network through email or file transfer
If you attempt to send an email that contains sensitive information in a non-secure manner, the DLP system will quarantine the email and send you (the sender) a notification. The email will be sent from firstname.lastname@example.org.
DLP does not gather information unrelated to the College’s Protected Information. The purpose of DLP is prevention of protected data exposure, data loss, or data breach.
What are the secure and encrypted methods to transmit and store protected information?
If your business process requires that you transmit or receive sensitive information the following options are available for your use:
- FileLocker is a web-based application that allows faculty and staff to securely and temporarily share files across campus and with external users (non cofc.edu).
- All faculty and staff have access to this application for free. No approval or registration is required.
- FileLocker is accessible off campus as long as you have internet connection.
- You can send large files up to 10GB to each recipients; up to 100 GB total.
- The College email encryption service allows approved campus Exchange email users (cofc.edu) to send sensitive data such as social security and credit card numbers safely and securely to external users (non cofc.edu).
- The email encryption service ensures that the recipient retrieves the message through an encrypted web portal for a more secure transmission.
- Requests must include a College-related business case and supervisor approval.
- Download the Request for Employee Access to Protected Data Form to request the ability to send email via encrypted methods.