Educause Security Discussion mailing list archives

Minimum DLP rules & thresholds for all users


From: "Jim A. Bole" <jbole () STEVENSON EDU>
Date: Mon, 9 Nov 2020 18:18:04 +0000

I would like to get some feedback from folks that have deployed a DLP solution:
1. What are the minimum rules and thresholds you've applied across your org to all/most users, as opposed to more granular rules you may have applied to specific groups requiring increased security/privacy?
2. Since SSN is often regarded as a key piece of PII, what rules/thresholds have you applied for SSNs and what regulatory criteria support it (FERPA, GLBA, GDPR, etc.)?
3. What person or group is responsible for establishing DLP policy parameters, IT, Privacy Office, Legal, etc.?
I'm especially interested in small/medium private institutions like mine who don't have as heavy of a compliance burden as larger, public ones.

Many thanks.

Jim Bole
Director of Information Security
Stevenson University
1525 Greenspring Valley Road
Stevenson, MD, 21153-0641
jbole () stevenson edu | O: 443-334-2696


