Rev. 8.16.19
Purpose
The State University of New York at Fredonia is required by SUNY, New York State and Federal regulations to implement practices to limit the unintended exposure or unauthorized access to Social Security Numbers (SSNs) and Credit Card Numbers (CCNs). SSNs and CCNs are strictly prohibited from being transmitted (sending or receiving) via email. Therefore, the Fredonia Mail Data Loss Prevention (DLP) Policy for Credit Card Numbers (CCNs) and Social Security Numbers (SSN) is intended to actively filter and block fredonia.edu email accounts from sending and receiving this regulated data. The Fredonia Mail DLP Policy will utilize an advanced algorithm and internationally accepted key phrases to effectively filter and then bounce emails that contain this data.
Scope
All inbound and outbound e-mails for fredonia.edu accounts.
NOTE: This also includes email within fredonia.edu domain.
Fredonia Mail Data Loss Prevention (DLP) Policy
The Fredonia Mail DLP uses algorithms to distinguish between valid credit card numbers or valid social security numbers and other numeric strings of the same length and/or format. Detected numbers may not be actual numbers of either type.
Encrypted attachments cannot be scanned. Therefore contents of encrypted attachments will not trigger this policy.
The quarantine (bounce) notification will contain a copy of the original email.
NOTE: If you have a valid business need to send this type of data via fredonia.edu email then please contact the Information Security Office at 716-673-4725 for an approved solution.
SAMPLE Message Quarantine Notification:
Compliance
SUNY Information Security Guidelines: Campus Programs & Preserving Confidentiality #6608
New York State Information Technology Policy: Information Security NYS-P03-002
Related articles appear here based on the labels you select. Click to edit the macro and add or change labels.
|