You are on this page because you have received a message from Yale's Data Loss Prevention (DLP) program. This program is run by Yale's Information Security Office (ISO). It is designed to reduce the risk of unintended exposure of Yale's sensitive data.
You received a DLP message because you took an action that can put Yale's high-risk data at risk.
Yale classifies high-risk data based on its importance, sensitivity, and potential for misuse. Use Yale's Data Classification Guideline to understand what constitutes high-risk data.
The DLP program sends alerts for two confidential data types:
- Medical Record Numbers (MRNs), and
- Social Security Numbers (SSNs)
Why did I receive a DLP message?
To the right is an example of a DLP message. You received this message because you are handling MRNs or SSNs in a way that could cause them to be exposed. Your computer running DLP detected one of the following activities:
- Sending MRNs or SSNs via email.
- Printing MRNs or SSNs to an unknown printer.
- Transferring MRNs or SSNs to an unsecured hard drive or network share.
What can I do?
In most circumstances, sending, printing or saving high-risk data must be avoided. However, there are circumstances where this action may be appropriate.
Make sure to review the full contents of the file you are sending. Often, additional files can be embedded containing data of which you weren’t aware. A common example is when an Excel file is embedded in a PowerPoint presentation. Even though the data in the spreadsheet is not visible in the presentation, it can still be extracted. For help locating or removing these files, contact the ITS Help Desk or your local IT support provider.
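The Python sketch below is an added illustration, not part of Yale's guidance or its DLP tooling. It shows why embedded files matter: a .pptx file is a ZIP container, and an embedded workbook is stored inside it as a separate part under an embeddings folder even when no slide displays its data. The function names and the sample file are constructed for this example.

```python
import io
import re
import zipfile

# SSN-formatted strings (ddd-dd-dddd); a format match only, not validation.
SSN_RE = re.compile(rb"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")

def count_ssn_like(data: bytes) -> int:
    """Count SSN-formatted strings in a blob, descending into nested ZIP containers."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            return sum(count_ssn_like(zf.read(n)) for n in zf.namelist())
    return len(SSN_RE.findall(data))

def scan_embedded(office_file: bytes) -> dict:
    """Map each embedded part of an Office (OOXML) file to its count of SSN-like strings."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(office_file)) as zf:
        for name in zf.namelist():
            # Embedded objects sit under ppt/embeddings/, word/embeddings/ or xl/embeddings/.
            if "/embeddings/" in name and not name.endswith("/"):
                report[name] = count_ssn_like(zf.read(name))
    return report

def build_sample_pptx() -> bytes:
    """Constructed sample: the slide text is clean, but the deck embeds a workbook."""
    xlsx = io.BytesIO()
    with zipfile.ZipFile(xlsx, "w") as zf:
        # Constructed values; area number 000 is never issued as a real SSN.
        zf.writestr("xl/sharedStrings.xml",
                    "<sst><si><t>000-12-3456</t></si><si><t>000-98-7654</t></si></sst>")
    pptx = io.BytesIO()
    with zipfile.ZipFile(pptx, "w") as zf:
        zf.writestr("ppt/slides/slide1.xml", "<p:sld><a:t>Quarterly summary</a:t></p:sld>")
        zf.writestr("ppt/embeddings/Microsoft_Excel_Worksheet1.xlsx", xlsx.getvalue())
    return pptx.getvalue()

if __name__ == "__main__":
    # Report counts only, so the check itself never echoes sensitive values.
    for part, hits in scan_embedded(build_sample_pptx()).items():
        print(f"{part}: {hits} SSN-formatted value(s)")
```

The report lists counts per embedded part rather than the matched values, so running the check does not create another copy of the data.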
If you didn't mean to or don't need to send this data:
It is okay if you did not intend to send high-risk data in this way. Often, additional files can be embedded containing data of which you weren’t aware. This means DLP is working as expected and has prevented the data from being exposed.
Circumstances where it is appropriate to send high-risk data:
- The risk is understood and agreed to by the department.
- You are handling your own personal information only.
- You are certain that you are printing to a printer in a secure room.
- You are certain that these files are saving or uploading to a secure location.
If you are at all unsure about how to proceed, you should find an alternative way to handle this data. Below is a list of secure options to send this data.
Secure ways to send high-risk data
Encrypt your e-mail
If you are using Office 365 (O365) you can encrypt your email containing sensitive data. See our guide on how to send an encrypted email or read the directions below:
- Open your Office 365 email account, in either the Outlook app or the web portal.
- Compose a new message.
- In the beginning of the subject line of the message, include the word 'encrypt' with square brackets around it. For example: SUBJECT: [encrypt] Please review today
- This will ensure the contents of the email are not readable by anyone other than the recipient.
Secure printing for high-risk data
To securely print high-risk data, use one of the two options below:
- Use PaperCut printing services
- Ensure the printer is in a secure office or room that locks to limit access
- Notify the ITS Help Desk at helpme.yale.edu that this printer is in a secure location so that it can be added to the list of secured printers and will not generate future notifications.
Secure file share for high-risk data
Yale offers multiple ways to share high-risk data. These can be accessed below:
- Use a Secure USB. This is an encrypted USB that can be used to transfer sensitive data.
- Store the data in Yale’s Secure Box. This is a secure way to store and share data with collaborators.
- Use Storage@Yale. This is another secure way to store and share Yale High-Risk data.
If the method of data transfer was previously approved for handling high-risk data, please contact the ITS Help Desk.