Effective Dec. 1, stricter policies will be put in place in Office 365 to help prevent the sharing and storing of sensitive and restricted data via UGAMail and OneDrive for Business.
Data Loss Prevention (DLP) polices already exist to prevent UGA students and employees from sharing Social Security Numbers over email. Additional DLP policies will include controls for other Restricted Data types, such HIPAA ePHI data, credit card data, and bank account information. There will also be a control that prevents the sharing of Sensitive Student Records.
Beginning Dec. 1, if you try to email messages or share files with any of these data types, you may be prevented from doing so. You will see a notification in your email client or web browser. If you believe you have not violated the DLP policy, you will be able to self-service report errors and override the DLP policy with a written justification.
Examples of these notification include the following:
- A notice in your web browser or email client, reading: Policy Tip: Your email message conflicts with a policy in your organization. To send this message without removing the information, you must first select Override. View details about the information that appears sensitive.
- You may also receive an email notification, reading: Your email message could not be sent, due to a violation of UGA’s Data Loss Prevention Policy (DLP). Sharing sensitive or restricted data, such as Social Security numbers, HIPAA ePHI data, credit card data and bank account information via email or OneDrive for Business is prohibited at the University of Georgia. If you are not transmitting sensitive or restricted data and received this message in error, contact our Help Desk at 706-542-3106.
You can also contact the EITS Help Desk at firstname.lastname@example.org or 706-542-3106.
If you need to share sensitive or restricted information, you can use SendFiles, an encrypted file service that allows you to securely share sensitive documents and large files online.
For more information about this change, please contact Chris Workman at email@example.com.