Enhanced Email Data Loss Protection

July 24, 2014

To reduce the likelihood of unintentional release of sensitive information, Drexel implemented an email data loss protection service in October 2013. That service is being improved on July 31 to make it clearer which messages contain sensitive information and to give senders an opportunity to review such messages before the information is delivered.

Since October, messages sent from the “” email systems to email addresses on other systems have been scanned for sensitive information such as social security numbers or credit card numbers. Messages containing more than a few such sensitive numbers get encrypted before being sent to the recipients. Senders weren’t notified that the system detected sensitive information or that the message was encrypted until after it was sent.

Beginning on July 31, senders will have the opportunity and obligation to review such messages before they are sent, allowing unnecessary sensitive information to be removed instead of released. Initially, when an outgoing message contains sensitive data, the message will be discarded and the sender will be notified of the need to perform a review. When the notification is received, the sender can open his or her Sent Items folder to review the message, any attachments that it contains, and the addresses to which it was sent. Unneeded sensitive information should be removed, mistyped recipient addresses should be fixed, and unintended recipients should be removed before the message is resent.

After the review, if all sensitive information was removed, the message can be sent again normally. If the message must still contain sensitive information (or information that looks like sensitive information), the message can be sent again with “[reviewed-resend]” appended to the subject line. (Note: the square brackets are required, but the quotation marks are not.) The [reviewed-resend] command tells the protection service that you have checked the contents and addressees to prevent unnecessary data loss and that the message should be encrypted and sent. The command is automatically removed from the subject line before the message is encrypted and sent, so recipients never see it.
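The review-and-resend flow described above can be modeled as a small routing function. This is an added illustration, not Drexel's implementation: the regular expressions, the Luhn checksum filter, the 16-digit card restriction, the THRESHOLD value standing in for "more than a few", the action names, and the choice to scan only the message body (not attachments) are all assumptions.

```python
import re

# Assumptions (not from the page): the regexes, the Luhn check, 16-digit cards
# only, and THRESHOLD as a stand-in for "more than a few".
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b")
TAG_RE = re.compile(r"\s*\[reviewed-resend\]\s*$")  # brackets are literal
THRESHOLD = 3

def luhn_ok(digits):
    """Card checksum: filters out random 16-digit runs (order numbers etc.)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def count_sensitive(text):
    cards = [c for c in CARD_RE.findall(text) if luhn_ok(re.sub(r"\D", "", c))]
    return len(SSN_RE.findall(text)) + len(cards)

def route_outbound(subject, body, external):
    """Return (action, subject as it would be delivered)."""
    if not external:                      # only mail leaving the system is scanned
        return "deliver", subject
    reviewed = TAG_RE.search(subject) is not None
    clean = TAG_RE.sub("", subject)       # recipients never see the tag
    if count_sensitive(body) <= THRESHOLD:
        return "deliver", clean
    if reviewed:
        return "encrypt_and_send", clean
    return "discard_and_notify_sender", subject

# Constructed sample body: three SSN-shaped values, one Luhn-valid test card
# number, and one 16-digit value that fails Luhn and is not counted.
SAMPLE = """Roster:
123-45-6789
234-56-7890
345-67-8901
card 4111 1111 1111 1111
order 1234 5678 9012 3456
"""

if __name__ == "__main__":
    for subj in ("Roster", "Roster [reviewed-resend]"):
        print(subj, "->", route_outbound(subj, SAMPLE, external=True))
```

The checksum filter matters for the "information that looks like sensitive information" case: without it, any 16-digit reference number would count toward the threshold and force an unnecessary review.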

Later this year, the data loss protection system will be enhanced to look for large disclosures of University ID numbers in addition to social security and credit card information.

If you have questions about the data loss protection system or these changes, please email