
Data Loss Prevention

College resources exist for the purpose of conducting legitimate business for the College. The College is bound by state and federal law to protect certain information that is transmitted using College systems, hardware, and networks.  Pursuant to these objectives, the College has a duty to actively prevent the loss of Protected Information.  One method of fulfilling this duty is Data Loss Prevention (DLP).

What is Data Loss Prevention?

Information Technology aims to provide information management and technology solutions that support the College's Mission and Strategic Plan.  Underlying those solutions is the need for secure access to confidential data.  In order to satisfy legal, regulatory, and industry compliance, the College requires solutions that assure information privacy and security.  A Data Loss Prevention (DLP) solution achieves this through monitoring, identification, and reporting of Protected Information managed in an unsecure way on or through the College’s electronic resources.  Based on centralized rules and policies, a DLP solution responds to "at risk" data through reporting and intervention.

DLP tools enable the College to responsibly enforce the Privacy Policy and Data Loss Prevention Policy by protecting confidential information like education records, employee records, identifying information, medical records, health information, proprietary data of the College, and personal and Protected Information, as defined by these policies.

What is Protected Information?

“Protected Information” is a single term that includes all of the following: Confidential Information, Educational Records, Employee Records, Identifying Information, Medical Record or Health Information, Personal Information, and Proprietary Data of the College.

As defined by 11.1 Privacy Policy and Procedure.

Examples of Unsecure Protected Information

Here are a few examples of unsecure transmission or storage of Protected Information.

  • Sending tax forms or tax related information that includes SSN via College email.  This includes emailing tax forms from your personal account to your College account or vice versa.
  • Emailing credit card numbers for any transaction.
  • Storing Protected Information in your email box.  (See 12.1 Vulnerability of Systems; Transmissions of the Privacy Policy)
  • Posting Protected Information to your College provided website.
  • Sending Protected Information to a website using http:// instead of https://.

 

How Does DLP Work?

DLP works much like the antivirus and email filtering tools used by the College to prevent computer virus outbreaks, compromised accounts, and phishing attacks.  Using a set of predefined rules, DLP looks for Protected Information that is knowingly or unknowingly put at risk of exposure through unsecure transfer or storage.  For example, if an individual accidentally posted a class list with social security numbers to their personal website, DLP would identify and report that incident so that the owner of the violating data can be notified and the data removed.  DLP monitors data across multiple channels and locations, whether that data is “at rest” stored on a hard drive or other storage media; “in use” being copied from one location to another; or “in motion” travelling across the network through email or file transfer.  It is important to recognize that DLP is only looking for Protected Information managed in an unsecure way and that DLP tools are limited to only scan data on College equipment or transferred across College resources.

DLP does not gather information unrelated to the College’s Protected Information.  The purpose of DLP is prevention of protected data exposure, data loss, or data breach.
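The rule-based matching described above can be illustrated with a short added example. This is not the College's DLP tooling or any vendor's rule set; the rule names, the sample text, and the choice to flag every http:// link are assumptions made for illustration.

```python
import re

# Illustrative rules (assumed, not taken from any DLP product).
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
HTTP_RE = re.compile(r"\bhttp://\S+", re.IGNORECASE)

def valid_ssn(area, group, serial):
    """Drop number ranges that are never issued, to reduce false positives."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def luhn_ok(digits):
    """Luhn checksum: separates plausible card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def mask(value):
    """Keep only the last four characters so the report is not itself a leak."""
    return "*" * (len(value) - 4) + value[-4:]

def scan(text):
    """Return (line_number, rule, masked_match) for each finding in text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in SSN_RE.finditer(line):
            if valid_ssn(*m.groups()):
                findings.append((no, "SSN", mask(m.group())))
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                findings.append((no, "CARD", mask(digits)))
        # Crude stand-in for "sent over http:// instead of https://".
        for m in HTTP_RE.finditer(line):
            findings.append((no, "CLEARTEXT_URL", m.group()))
    return findings

# Constructed sample message body; none of these values are real.
SAMPLE = """Class list attached. Jane Doe 123-45-6789
Order ref 000-12-3456, phone 555-867-5309
Card: 4111 1111 1111 1111 exp 01/30
Submit the form at http://forms.example.edu/w2
Tracking number 1234567812345678"""
```

The validity checks matter as much as the patterns: the order reference, phone number, and tracking number in the sample look like Protected Information but are rejected, which keeps reports limited to likely incidents.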
