Data Loss Prevention FAQs

Data loss prevention, or DLP, is a way for the university to monitor, identify, and reduce the accidental release of sensitive information found in Outlook emails and MS Office 365 files.

DLP is important because compliance regulations require us to identify and safeguard sensitive and protected information. DLP also raises user awareness about handling, storing, and sharing data in a uniform manner across the university.

Sensitive data includes protected health information (PHI) and personally identifiable information (PII) such as an individual's medical record, address, gender, social security number, credit card numbers, date-of-birth or any other identifiable health information. It may also include business information the university has classified as sensitive.

Loyola Secure Transfer:

• Send, Receive and Share Files of any file size in and out
• Send Unlimited Sized Files to anyone using a simple Webmail-like Interface
• Receive Unlimited Sized Files from anywhere
• Request Files with a simple link for the receiver to use when responding to the request.
• Learn more about Loyola Secure Transfer.

The DLP client is automatically installed on all University-managed Windows machines. For personal Windows machines, you may install the DLP client manually using the instructions under "Getting Started" on the  main webpage.

The DLP client is only available for the Windows operating system at this time.

1. Navigate to https://www.microsoft.com/en-us/download/confirmation.aspx?id=53018.
2. If prompted, download and save the file “AzInfoProtection_UL.exe”. The download may also begin automatically.
3. Open this file and follow the prompts to install the software.

At this time, the DLP client is unavailable for macOS.

AIP is a solution that allows us to classify and protect documents by applying labels. Labels can be applied using the sensitivity menu that is present in the full non-browser versions of Microsoft Office applications (e.g. Word, Excel, PowerPoint) when used on a Windows computer that has the DLP client installed, or while using the Microsoft 365 versions of these applications. The three labels we have made available are based on LUC’s data classification policy.

In Outlook a Policy Tip warning appears when sensitive or protected data is about to be emailed outside the university.

If you hover the cursor over the Policy Tip, a brief explanation appears in a small pop-up box. You have the option to report a ‘false positive’ if you believe the Policy Tip is incorrect. You also have the ability to apply a sensitivity label to the email by choosing from the Sensitivity button. The Sensitivty labels are Loyola Public, Loyola Senstitive, and Loyola Protected.

As of 5/18/2021, DLP may block outgoing email under certain conditions.

In Microsoft Office documents (e.g. Word, Excel, PowerPoint), DLP may apply the "Loyola Protected" sensitivity label if protected content is detected. You can also apply a sensitivity label manually. Once a sensitivity label is applied, it remains with the document.

DLP only works with MS Office 365 files and Outlook email. It does not work with PDFs.

DLP allows you to classify and protect MS Office 365 files within folders, such as departmental file shares and personal storage. When you classify and protect a folder, the labeling is applied to all MS Office 365 files contained within that folder.

The Report button will send a notification for logging purposes only. If you have a question about a potential false positive, please contact the ITS Service Desk.

Some notifications allow you to override the default classification.  Clicking the override button will display a text box that will allow you to provide an explanation as to why you believe the classification is incorrect and will allow you to email or share the content.

Contact the ITS Service Desk if you have additional questions about DLP.