The age of digital transformation is truly upon us. At the core of every organization are its data and documents. Protecting this content is paramount to business success. As we have seen with breaches in the past, even the largest and well-protected entities have experienced breaches. Finding their client data for sales on the Dark Web and paying the consequences with bad press, potential litigation, government fines and overwhelming cleanup costs.
If your organization revolves around healthcare and uses electronic transmission of data, then you need to be concerned with HIPAA (Healthcare Insurance Portability and Accountability Act). Electronic transmission of data means if your firm transmits any patient information to anyone else you fall under the HIPAA rules. HIPAA requires a 6-year retention policy for all health records and defined policies around electronic transaction on how healthcare providers handle patient information and penalties for disclosure of patient information through email.
One measure to help prevent data loss in Office 365 is by enabling and tuning Data Loss Prevention Policies in the Security and Compliance Center. Retention policies can also be defined through the use of Data Classifications policies in the Security and Compliance Center. Look for this to be covered in Compliance Management Part 2.
Start with a DLP policy template or start from scratch:
Choose from one of the preconfigured templates that have been made available for common sensitive information types across many different regions.
Choose your Office 365 location:
A DLP policy can find and protect sensitive information across Office 365, whether that information is located in Exchange Online, SharePoint Online, or OneDrive for Business.
Fine tune your policy:
Fine tune your policy by decreasing the sensitivity to minimize false positives or increase the sensitivity to be sure to identify a potential breach in policy.
For a complete DLP overview check out the Overview of data loss prevention policies in Office 365.