Cisco Secure Email Support Community


DLP policy for state privacy regulations (Washington SB-6043 in my case)

I am trying to enable the DLP rule for Washington state privacy regulations. I tried using the preconfigured template, but I get a lot of false positives. Does anyone have experience setting these up or customizing the template? This is new for me. Washington's requirements are:


Washington SB 6043 requires that any person or business that owns or licenses computerized data that includes PI must disclose security system breach to those whose unencrypted PI is reasonably believed to be acquired by an unauthorized person. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and Washington driver license numbers. The rules for this policy are:

- SSN with WA driver license
- SSN with CCN
- Name with SSN
- Name with Washington driver license
- Name with CCN
- SSN with DNA profile



Cisco Employee


You can check for the matched content option in the quarantined emails and see what exactly matched in the policy which is causing the false positives. We can determine what is matching by ensuring that we have the Matched Content Logging enabled under Security Services > RSA Email DLP. Once we have this enabled we can ensure that the quarantine action is set under Mail Policies > DLP Message Actions. This will then allow the messages to be quarantined and we should then see the matched content in the quarantine.
For False Negatives:

Determine which DLP Policy the customer has enabled, and which content the customer thinks should have triggered the policy.

For False Positives:

Find out which DLP Policy was triggered, and get a copy of the email or document that triggered it.

Also, please find below some information on the US State Regulatory Compliance DLP policy named "Washington SB-6043" which might be helpful:

- Washington SB-6043

Identifies documents and transmissions that contain personally identifiable information (PII) regulated by Washington SB-6043. Persons and businesses that conduct business in Washington and own or license unencrypted computerized PII about Washington residents are expected to protect the PII from security breach, and to notify individuals and information owners if their lost PII has been or is likely to be misused. Any person or business that conducts business in Washington and owns or licenses unencrypted computerized PII data for Washington residents, regardless of the entity’s physical location, is required to comply. This policy detects US Social Security numbers, credit card numbers and US drivers license numbers. US drivers licenses are configurable under DLP Policy Manager > Advanced Settings.

I hope the aforementioned information is helpful.
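
Once matched content has been collected from quarantine as described in the reply above, a small script can help sort the "SSN with CCN" hits before anyone edits the template. This is an added example, not part of the original thread and not Cisco's DLP engine: the sample strings are constructed, the regular expressions and function names are assumptions, and the checks are the public SSN structure rules and the Luhn checksum.

```python
import re

# Constructed stand-ins for matched-content strings copied from quarantined
# messages (assumption: exported one string per message). None are real identifiers.
SAMPLES = [
    "Jane Doe SSN 123-45-6789 card 4111 1111 1111 1111",
    "PO 123-45-6789 tracking 1234 5678 9012 3456",
    "Ref 000-12-3456, invoice 9999 8888 7777 6666",
]

# Hypothetical patterns for this triage only; the appliance's own classifiers differ.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CCN_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")


def luhn_ok(number: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Structure rules: area is never 000, 666 or 9xx; group never 00; serial never 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def triage_ssn_with_ccn(text: str) -> str:
    """Classify one matched-content string for the 'SSN with CCN' rule."""
    ssns = [m.group(0) for m in SSN_RE.finditer(text) if ssn_plausible(*m.groups())]
    ccns = [m.group(0) for m in CCN_RE.finditer(text) if luhn_ok(m.group(0))]
    return "needs review" if ssns and ccns else "likely false positive"


if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{triage_ssn_with_ccn(sample):22} {sample}")
```

Strings that land in "likely false positive" point at the pattern causing the noise, for example order or tracking numbers shaped like card numbers, which is what to take to support or to use when customizing the template.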