Forum Discussion

ravi9482's avatar
ravi9482
Copper Contributor
Dec 18, 2023

DLP Policy Checking To, Cc, and Bcc Fields in Email

Hello,

 

 I am setting-up a DLP policy that can detect emails and person names in an email and if found (more than 10), raise an alert as they are PII data elements.

 

When enforced, the DLP policy is also scanning person names and emails from "to", "cc" and "bcc" fields in a long email chain and flagging the replies as "containing sensitive data".

 

How to ensure that the policy excludes any emails, dates (sent or received), and person names from the email's metadata (to, cc, bcc, and sent) fields?

 

I am using in-built "full name" classifier to detect person names and a regular expression for finding emails.

 

Thanks.

1 Reply

  • vicwingsing's avatar
    vicwingsing
    Iron Contributor

    ravi9482 

     

    Try creating a nested conditions in Purview DLP like this:

     

    It checks the email being sent and check the content of the email and NOT the email Headers patterns which includes sent, bcc, etc.

     

     

Resources