UCOP Data Loss Prevention Program FAQ

What is a data loss prevention (DLP) tool?

A DLP tool is software that helps protect against the loss or misuse of confidential information. The software monitors computers, cloud storage and email for predefined sensitive and personally identifiable information (e.g., Social Security numbers) and sends alerts to information technology staff regarding the insecure storage and/or transmission of such data.

Why is UCOP implementing DLP?

Institutional information is one of UCOP’s most important and valuable assets, and preventing its exposure, theft, or loss is critical to reducing institutional risk. Protecting the privacy and personal information of our employees is of equal importance. In light of increasing cyber threats, Information Technology Services (ITS) is working on several enhancements to our data security practices and controls to help ensure the protection of sensitive data. The DLP project is one of these initiatives. UCOP has purchased Forcepoint, an industry-standard DLP tool, for this purpose.

When will Forcepoint launch?

Forcepoint will be deployed beginning on October 20, 2021. You will receive an email notifying you of the deployment before it happens. The initial deployment will search only for groups of 10 or more Social Security numbers (combined with names) on UCOP-managed workstations, laptops, and in email. In the coming months, Forcepoint will be applied to Box, databases, file shares, and wired and wireless networks. Employees will be informed before any expanded use of Forcepoint.

Will Forcepoint change the way I access my files or send email?

No. Because Forcepoint operates in the background, you will be able to access your computer and files and send email as you do now. No action on your part is required.

How does Forcepoint work?

Forcepoint scans UCOP-managed workstations, laptops and email for improper or insecure usage or transmission of sensitive data. When Forcepoint detects an irregularity, such as files containing Social Security numbers being emailed or uploaded to the internet, it sends an alert to ITS, where security operations analysts will review the file or email to determine whether policy or acceptable usage has been violated. Security analysts use “principles of least perusal” — reviewing as little data as possible — in considering whether an alert is legitimate, in accordance with the Electronic Communications Policy.

What is considered sensitive data?

At this time, we have defined sensitive data as Social Security numbers (SSNs) combined with names, and Forcepoint will be scanning only for files containing 10 or more SSNs. In the future, the definition of sensitive data will be broadened to include other personally identifiable information. Employees will be notified in advance of any expansion of Forcepoint’s use.

How will I know if one of my emails has triggered an alert?

If an alert is found to be legitimate, you will receive an email from ITS with instructions on secure file transfer. In the event you trigger multiple alerts over time despite repeated instructions on secure file transfer, you may be subject to disciplinary action. If an alert is a false positive, you will not be notified.

What would be considered a false positive alert?

Examples of false positives are a file containing test data or a spreadsheet containing full names and nine-digit numbers that turn out not to be Social Security numbers.

What if I store or transmit personal files, such as my tax return, on a UCOP-managed computer?

Because Forcepoint scans only for files containing 10 or more Social Security numbers, it is improbable that your personal files would trigger an alert. In the unlikely event that an alert is triggered, an ITS analyst, using principles of least perusal, would most probably recognize the alert as a false positive.

Will my mobile devices, such as my cell phone and tablet, also be monitored?

No. Cell phones and tablets will not be monitored, nor will any personal computing devices.

Will the university use Forcepoint to monitor my online activities, including which websites I visit and what transactions I make?

No. UC will not use the tool to monitor employees’ online activity.