Data Loss Prevention (DLP)

Background

To protect the University from the financial penalties and loss of reputation that result from High Risk Data being inappropriately released, Data Loss Prevention (DLP) appliances have been incorporated into Stanford's email infrastructure. Currently, these look only for Protected Health Information (PHI) that matches hospital records from Stanford Health Care or Stanford Children's Health. When a match is found in an email that was not sent via Secure Email, the message is blocked from delivery and the sender is notified via email. Only data that matches hospital patient records should cause a message to be blocked. This technology has been successfully deployed in the two hospitals since 2013.

Email messages that are blocked by the DLP appliances are retained for a period of time to allow staff from Stanford's Privacy Office or the Stanford IT organizations to improve the accuracy of the protection rules in place.

User notification

When an email is blocked, the sender receives an automated email informing them of the block. A sample message is below:

Subject: Email Message Blocked

An email that you just sent has been blocked from delivery because it appears to contain High Risk Data such as protected health information (PHI) or Personally Identifiable Information (PII), and was not sent via Stanford's secure email service.

When sending High Risk Data in the body of an email or as an attachment, always insert "Secure:" in the subject line to send the message securely.  While “secure:” is not case sensitive and can appear anywhere in the subject line, the trailing colon with no space between is required to trigger the secure email service.  See secureemail.stanford.edu for more information.

Please note that a copy of the blocked email will be retained and may be reviewed by staff from the University Privacy Office, Office of General Counsel, or the Information Security Office (ISO) for authorized investigations, or by University IT in response to user inquiries.

For questions, please submit a Help request to the DLP team. 

For more information about Stanford’s data loss prevention (DLP) service for email, see dlp.stanford.edu.

Users can re-send the message, putting "Secure:" in the subject line in order to have it delivered.
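
The following added example (not Stanford's code, and not part of the original page) shows a pre-send check for the subject-line rule quoted in the notification above. It assumes the trigger is a case-insensitive substring match for "secure:" on the decoded subject; the page does not document how the gateway matches, and the function names are hypothetical.

```python
import re
from email import message_from_bytes
from email.policy import default

# Rule from the notification text: "secure:" anywhere in the subject,
# any case, colon directly after the word (no space between).
# Assumption: plain substring match, so "insecure:" would also match.
TRIGGER = re.compile(r"secure:", re.IGNORECASE)
# Near miss: the word is present but the colon is missing or separated.
NEAR_MISS = re.compile(r"\bsecure\b(?!:)", re.IGNORECASE)


def classify_subject(subject: str) -> str:
    """Return 'secure', 'near_miss' or 'unmarked' for a decoded subject."""
    if TRIGGER.search(subject):
        return "secure"
    if NEAR_MISS.search(subject):
        return "near_miss"
    return "unmarked"


def classify_message(raw: bytes) -> str:
    """Parse a raw RFC 5322 message and classify its Subject header.

    policy=default unfolds the header and decodes RFC 2047 encoded-words,
    so the check sees the text the sender typed, not the wire encoding.
    """
    msg = message_from_bytes(raw, policy=default)
    return classify_subject(str(msg["Subject"] or ""))


# Constructed sample messages (not real mail).
SAMPLES = {
    "plain": b"Subject: Re: SECURE: lab results\r\n\r\nbody",
    "encoded": b"Subject: =?utf-8?q?Secure=3A_lab_results?=\r\n\r\nbody",
    "space_before_colon": b"Subject: Secure : lab results\r\n\r\nbody",
    "no_marker": b"Subject: lab results\r\n\r\nbody",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {classify_message(raw)}")
```

A "near_miss" result is the case worth surfacing to the sender before the message leaves, since the subject looks marked but would not meet the rule as quoted.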

Support

If you have any questions about DLP technology or need any information about why a specific message you sent was blocked, please submit a Help ticket.