Move to Exchange Online with Data Loss Prevention policies
Whether it’s accidental loss or done with malicious intent, data security breaches can put your business at risk in an instant. In the UK, the most important piece of legislation organisations must worry about is the Data Protection Act and the possibility of fines by the Information Commissioner (ICO).
More and more businesses are finding they need better enforcement of data protection regulations to make sure they comply with information privacy protocols, not just to protect sensitive information but to prevent its inadvertent disclosure.
Examples of sensitive information you might want to prevent from leaking outside your organisation include financial data and personally identifiable information such as credit card numbers and National Insurance numbers. Increasingly important are records with confidential content, such as customer data, court proceedings, medical records, personnel records, educational reports and other reports containing personal information. If disclosed publicly, such information is not just embarrassing but can lead to serious legal action, which is both costly and damaging.
Now, with Office 365 and Exchange Online, you can build in Data Loss Prevention (DLP) policies that identify, monitor and automatically protect sensitive information. DLP policies can automatically stop users copying sensitive data to USB sticks or attaching files of non-secured data to e-mails. The business can choose the circumstances under which the data can be copied or sent.
Exchange Online has over 50 DLP policy templates to use as a starting point for implementing policies to help you meet your regulatory and business policy needs. There are some country-specific policies, which are very useful if you are dealing with non-UK organisations or offices, especially those in the USA, and you can modify the templates to meet the specific needs of your organisation.
For the UK, the templates are:
Data Protection Act: Helps detect the presence of information subject to United Kingdom Data Protection Act, including data like National Insurance numbers.
Access to Medical Reports Act: Helps detect the presence of information subject to United Kingdom Access to Medical Reports Act, including data like National Health Service numbers.
Privacy and Electronic Communications Regulations: Helps detect the presence of information subject to United Kingdom Privacy and Electronic Communications Regulations, including data like financial information.
Personal Information Online Code of Practice (PIOCP): Helps detect the presence of information subject to United Kingdom Personal Information Online Code of Practice, including data like health information.
Personally Identifiable Information (PII) Data: Helps detect the presence of information commonly considered to be personally identifiable information (PII) in United Kingdom, including information like driver's license and passport numbers.
Financial Data: Helps detect the presence of information commonly considered to be financial information in United Kingdom, including information like credit card, account information, and debit card numbers.
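To show what detecting the data types named in these templates involves, here is an added example (not Microsoft's detection logic and not part of the original article) that pairs a pattern match with a checksum or format rule for card, NHS and National Insurance numbers. The function names, regular expressions and sample message are assumptions made for illustration.

```python
import re

# Illustrative detectors only: pattern match plus checksum, the usual way to
# cut false positives. Not Microsoft's sensitive-information-type definitions.
CARD = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
NHS = re.compile(r"(?<!\d)\d{3}[ -]?\d{3}[ -]?\d{4}(?!\d)")
NINO = re.compile(r"\b[A-Z]{2} ?\d{2} ?\d{2} ?\d{2} ?[A-D]\b")

def digits(s):
    return [int(c) for c in s if c.isdigit()]

def luhn_ok(s):
    """Luhn check used by payment card numbers."""
    total = 0
    for i, d in enumerate(reversed(digits(s))):
        if i % 2:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def nhs_ok(s):
    """NHS number modulus-11 check: weights 10..2 over the first nine digits."""
    d = digits(s)
    check = 11 - sum(w * n for w, n in zip(range(10, 1, -1), d)) % 11
    return (0 if check == 11 else check) == d[9] and check != 10

def nino_ok(s):
    """National Insurance number prefix rules (letters and prefixes never issued)."""
    p = s[:2]
    return (p[0] not in "DFIQUV" and p[1] not in "DFIOQUV"
            and p not in {"BG", "GB", "KN", "NK", "NT", "TN", "ZZ"})

def scan(text):
    """Return (type, matched text) for every candidate that passes validation."""
    hits = []
    for name, rx, ok in (("card", CARD, luhn_ok), ("nhs", NHS, nhs_ok),
                         ("nino", NINO, nino_ok)):
        hits += [(name, m.group()) for m in rx.finditer(text) if ok(m.group())]
    return hits

# Constructed sample message; the numbers are widely used test values or made up.
SAMPLE = ("Patient NHS no 943 476 5919, NI AB 12 34 56 C, paid with "
          "4111 1111 1111 1111. Ref 4111 1111 1111 1112, order 123 456 7890.")

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The reference and order numbers in the sample look like a card and an NHS number but fail their checksums, so only the three genuine-format values are reported.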
With a DLP policy, you can:
Identify sensitive information across many locations.
For example, you can identify any document containing a credit card number. In addition, you can also create a DLP policy that applies to e-mail and other mailbox items.
Prevent the accidental sharing of sensitive information.
Across all sites, you can identify any document containing a health record that’s shared with people outside your organisation, and then automatically block access to that document for everyone except the primary site collection administrator, document owner, and the person who last modified the content.
Monitor and protect sensitive information in the desktop versions of Excel 2016, PowerPoint 2016, and Word 2016.
These Office 2016 desktop programs include the same capabilities to identify sensitive information and apply DLP policies. DLP provides continuous monitoring when people share content in these Office 2016 programs.
Help users learn how to stay compliant without interrupting their workflow.
You can educate your users about DLP policies and help them remain compliant without blocking their work. For example, if a user tries to share a document containing sensitive information, a DLP policy can both send them an e-mail notification and show them a policy tip in the context of the document library that allows them to override the policy if they have a business justification. The same policy tips also appear in Excel 2016, PowerPoint 2016, and Word 2016.
View DLP reports showing content that matches your organisation’s DLP policies.
To assess how your organisation is complying with a DLP policy, you can see how many matches each policy and rule has over time.
About MIS Hosting
MIS are a Microsoft Gold Business Partner for Midmarket, Hosting and Education Solutions. The information contained in this article is from the Microsoft Office Support page - overview of data loss prevention policies. Please contact us and we would be happy to discuss the benefits of moving to Exchange Online.
Phone 0845 330 4026 or Email: firstname.lastname@example.org