cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1473
Views
0
Helpful
1
Replies

DLP policy for state privacy regulations (Washington SB-6043 in my case)

USD SmartAlerts
Level 1
Level 1

I am trying to enable the DLP rule for Washington state privacy regulations. I tried using the preconfigured template, but I get a lot of false-positives. Does anyone have experience setting these up or customizing the template? This is new for me. Washington's requirements are:

 

 Washington SB 6043 requires that any person or business that owns or licenses computerized data that includes PI must disclose security system breach to those whose unencrypted PI is reasonably believed to be acquired by an unauthorized person. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and Washington driver license numbers. The rules for this policy are:
    
-SSN with WA driver license
    
-SSN with CCN
    
-Name with SSN
    
-Name with Washington driver license
    
-Name with CCN
    
-SSN with DNA profile 

 

Thanks!

1 Reply 1

ppreenja
Cisco Employee
Cisco Employee
Hi,

You can check for the matched content option in the quarantined emails and see what exactly matched in the policy which is causing the false positives. We can determine what is matching by ensuring that we have the Matched Content Logging enabled under Security Services > RSA Email DLP. Once we have this enabled we can ensure that the quarantine action is set under Mail Policies > DLP Message Actions. This will then allow the messages to be quarantined and we should then see the matched content in the quarantine.
For False Negatives:

Determine which DLP Policy the customer has enabled, and which content the customer thinks should have triggered the policy.

For False Positives:

Find out which DLP Policy was triggered, and get a copy of the email or document that triggered it.

Also, please find below some information on the US State Regulatory Compliance DLP policy named "Washington SB-6043" which might be helpful:

- Washington SB-6043

Identifies documents and transmissions that contain personally identifiable information (PII) regulated by Washington SB-6043. Persons and businesses that conduct business in Washington and own or license unencrypted computerized PII about Washington residents are expected to protect the PII from security breach, and to notify individuals and information owners if their lost PII has been or is likely to be misused. Any person or business that conducts business in Washington and owns or licenses unencrypted computerized PII data for Washington residents, regardless of the entity’s physical location, is required to comply. This policy detects US Social Security numbers, credit card numbers and US drivers license numbers. US drivers licenses are configurable under DLP Policy Manager > Advanced Settings.

I hope the aforementioned information is helpful.

Cheers,
Pratham