Understand Pitt IT's Data Loss Prevention (DLP) Framework

Overview

Pitt Information Technology’s Data Loss Prevention (DLP) framework is designed to enhance data security and promote best practices for handling sensitive information across multiple platforms. This framework is applicable to Microsoft Outlook and Exchange Online, Teams, OneDrive, and SharePoint.

All messages and documents shared via these services will be automatically scanned by Microsoft to detect items that:

  • Contain Restricted data or potentially sensitive information
  • Are not encrypted or otherwise rights-protected
  • Are shared with recipients outside the University of Pittsburgh

The specific types of sensitive information detected by the policy may include:

  • Personally identifiable information (PII), such as social security, passport or driver’s license numbers
  • GDPR/sensitive European Union PII
  • GLBA/banking information
  • HIPAA/protected health information (PHI)
  • PCI DSS/credit card information
  • Sensitive IT information, such as usernames and passwords, API keys, and other types of secrets

At this time, the DLP framework is intended for informational and educational purposes only. No messages or documents will be automatically blocked or otherwise modified. This framework serves as a reminder for users to remain vigilant and ensure that data remains protected and secure.

Notification Processes

When a message or document meets all of the conditions outlines above, the sender or document owner will receive a notification detailing the type(s) of sensitive information that were detected and provide guidance to help protect future communications. The notification method varies slightly depending on the service:

Microsoft Outlook and Exchange Online

The sender will receive a follow-up email with details and guidance if the message body or attachment(s) containing sensitive information is sent to an external recipient (excluding @upmc.edu email addresses). The email will link to Pitt IT's Outlook Email Encryption Security Guide.

Teams

A tool tip message will appear at the top of the Teams chat window if sensitive information is detected in a chat that includes external participants.

OneDrive

The document owner will receive an email with details linking to Pitt IT’s OneDrive Security Guide when documents containing sensitive information are shared with external collaborators.

SharePoint

The document owner will receive an email linking to Pitt IT’s SharePoint Security Guide when documents containing sensitive information are shared with external collaborators.

 

Collaboration with UPMC Accounts

Microsoft Outlook and Exchange Online

The DLP framework applies to all email messages and attachments sent to external recipients. However, collaborators with @upmc.edu email addresses are excluded, meaning that sending sensitive information over email to UPMC contacts via Microsoft Outlook and Exchange Online will not trigger a notification.

Teams, OneDrive, and SharePoint

UPMC collaborators are not excluded from the DLP framework when using Teams, OneDrive, or SharePoint to share information. Documents and Teams messages shared with UPMC users will trigger the appropriate notification as described above.

Print Article