Forum Discussion

mikerowlandlondon's avatar
mikerowlandlondon
Brass Contributor
Jun 11, 2018

Overrides and false positives in DLP policy end user experience

Ok so a user gets a policy applied to his/her document for let's say PCI compliance.

On the policy tip we give the user the option to override with a business justification or to report as a false positive.

 

If they click the "report" button in the policy tip where does that go? where do I as an admin go to review those and presumably take some kind of action on that report? allow and reclassify or keep the classification and inform the user.

 

I'd expect to see something in the S&C reports but I can't see a thing. I can view my overrides report and view where a user has overridden a classification but nothing anywhere else that lets me interact with any reported "cases"

  • Simon Backwell's avatar
    Simon Backwell
    Jun 19, 2018
    No I'm not able to; I don't think you can.

    If someone does put down it's a false positive and it's not, I usually go and speak to the individual or email them. There's no way that I know of to reclassify it.

    I also have alerts turned on to me when people do it so when I get the email, it shows the override reason and false positive answers. If anyone puts anything that we don't agree with as being an acceptable answer, then we raise this with them/their line manager.

Resources