General discussion

  • Creator
  • #3988360

    Reporting violators of DLP policies

    by bg12345 ·


    We use a DLP solution, Digital Guardian, at our healthcare organization. Based on set rules, emails that are detected to have PHI and PII are encrypted, even if the user does not initiate the encryption. Whenever someone does not encrypt a message with PII or PHI, we get alerted. Then, we send an email to the violator, adding people such as the CISO and chief compliance staff members to chime in. Is this necessary? I do not want to be a tattletale, but I also don’t want people violating security policy. Is there a better route to take, such as educating the user on the importance of email encryption and/or reporting violators to the compliance office without putting the user on blast.

You are posting a reply to: Reporting violators of DLP policies

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our Community FAQs for details. All submitted content is subject to our Terms of Use.

All Comments

  • Author
Viewing 1 reply thread