Email Data Loss Prevention (DLP)

Learn about Stevens Data Loss Prevention policies and their exceptions.

How to Send Emails with Sensitive Data

Under the Protect Stevens Program, Stevens end users will begin to notice several security controls in place to protect email, specifically those containing sensitive Personal Identifiable Information (PII) data (defined in the Data Classification Standard) as it leaves the Stevens email network. PII-sensitive data types include but are not limited to the following:

Credit Card Numbers
U.S. Bank Account Numbers
U.S. Individual Taxpayer Identification Numbers (ITIN)
U.S. Social Security Numbers (SSN)
U.S. / U.K. Passport Numbers
U.S. Driver's License Numbers

Controls are in place in accordance with Email Data Loss Prevention (DLP) policies, which automatically scan outgoing emails containing sensitive information by Stevens users (staff, faculty, and students).

End users will receive various notifications when attempting to send sensitive PII information via email.

Here are some notifications end users may encounter when attempting to share sensitive data:

Policy Tip

This label is automatically generated on the email client app when it detects sensitive data and is designed to raise awareness about the handling of sensitive information:

Screenshot of policy tip pop-up at top of email

User Override

Depending on the volume of sensitive data, the Email DLP policies will either allow or block outgoing emails. For example, in the case of a low volume detection (1-9 instances) of sensitive data, outgoing email functionality is allowed. However, in the case of a high-volume detection of sensitive data (10+ instances), the email will be automatically blocked. Users can apply a User Override functionality, which allows the user to remove the block by providing a business justification or by reporting a false positive. Here is how the message will appear:

Screenshot of email override form pop-up

Follow-up Email

Users can expect to receive a Protect Stevens Data email, outlining why their email triggered a DLP policy as well as additional resources to review Stevens Sensitive Data policies.

Mac & Non-Windows Users

Microsoft Email DLP policies run natively on the Windows Outlook client app and are unsupported on non-Windows devices such as Mac devices. Mac users will receive none of these user notifications, and they will be automatically blocked when sending emails containing a high volume of sensitive data (10 or more). In order to bypass this, Mac users can use the Outlook Web App (OWA) or they can apply Sensitive or Restricted Sensitivity Labels to their emails (as shown below). The latter would encrypt and allow the mail to flow out.

Screenshot of sensitivity label dropdown

Sending Non-PII Sensitive Data

There are some types of sensitive information that will not be flagged by our DLP policies. For example, source code, financial records, research, student data, passwords, etc. In these cases, we strongly encourage you to utilize Sensitivity Labels (specifically Sensitive or Restricted labels) in Outlook, which will automatically encrypt the email and its sensitive content.

Experiencing an issue or need additional support? Contact our OneIT Team:

Open a support ticket or
Call 201-380-6599