Data Loss Prevention FAQs
What is Data Loss Prevention (DLP)?
Data loss prevention, or DLP, is a way for the university to monitor, identify, and reduce the accidental release of sensitive information found in Outlook emails and MS Office 365 files.
Why is DLP important?
DLP is important because compliance regulations require us to identify and safeguard sensitive and protected information. DLP also raises user awareness about handling, storing, and sharing data in a uniform manner across the university.
What is considered sensitive data?
Sensitive data includes protected health information (PHI) and personally identifiable information (PII) such as an individual's medical record, address, gender, social security number, credit card numbers, date-of-birth or any other identifiable health information. It may also include business information the university has classified as sensitive.
If I do need to send sensitive information, what is the best way to do it?
Loyola Secure Transfer:
- Send, Receive and Share Files of any file size in and out
- Send Unlimited Sized Files to anyone using a simple Webmail-like Interface
- Receive Unlimited Sized Files from anywhere
- Request Files with a simple link for the receiver to use when responding to the request.
- Learn more about Loyola Secure Transfer.
Do I need to install DLP on my computer?
The DLP client is automatically installed on all University-managed Windows machines. For personal Windows machines, you may install the DLP client manually using the instructions under "Getting Started" on the main webpage.
The DLP client is only available for the Windows operating system at this time.
How do I install the DLP client?
- Navigate to https://www.microsoft.com/en-us/download/confirmation.aspx?id=53018.
- If prompted, download and save the file “AzInfoProtection_UL.exe”. The download may also begin automatically.
- Open this file and follow the prompts to install the software.
Can I install the DLP client on my Mac computer?
At this time, the DLP client is unavailable for macOS.
What is Azure Information Protection (AIP)?
AIP is a solution that allows us to classify and protect documents by applying labels. Labels can be applied using the sensitivity menu that is present in the full non-browser versions of Microsoft Office applications (e.g. Word, Excel, PowerPoint) when used on a Windows computer that has the DLP client installed, or while using the Microsoft 365 versions of these applications. The three labels we have made available are based on LUC’s data classification policy.
Data Loss Prevention Client and Email
What will I see in Outlook?
In Outlook a Policy Tip warning appears when sensitive or protected data is about to be emailed outside the university.
What do I do when a Policy Tip appears?
If you hover the cursor over the Policy Tip, a brief explanation appears in a small pop-up box. You have the option to report a ‘false positive’ if you believe the Policy Tip is incorrect. You also have the ability to apply a sensitivity label to the email by choosing from the Sensitivity button. The Sensitivty labels are Loyola Public, Loyola Senstitive, and Loyola Protected.
Will the university block my outgoing email?
As of 5/18/2021, DLP may block outgoing email under certain conditions.
How will DLP work in Microsoft Office documents?
In Microsoft Office documents (e.g. Word, Excel, PowerPoint), DLP may apply the "Loyola Protected" sensitivity label if protected content is detected. You can also apply a sensitivity label manually. Once a sensitivity label is applied, it remains with the document.
Does DLP work with PDFs and other files?
DLP only works with MS Office 365 files and Outlook email. It does not work with PDFs.
Does DLP work with shared drive folders?
DLP allows you to classify and protect MS Office 365 files within folders, such as departmental file shares and personal storage. When you classify and protect a folder, the labeling is applied to all MS Office 365 files contained within that folder.
What does the "Report" button do?
The Report button will send a notification for logging purposes only. If you have a question about a potential false positive, please contact the ITS Service Desk.
What does the Override Button Do?
Some notifications allow you to override the default classification. Clicking the override button will display a text box that will allow you to provide an explanation as to why you believe the classification is incorrect and will allow you to email or share the content.
Who do I contact with questions about DLP?
Contact the ITS Service Desk if you have additional questions about DLP.