Mar 27 2019
09:24 AM
- last edited on
Feb 19 2021
04:58 AM
by
TechCommunityAP
Mar 27 2019
09:24 AM
- last edited on
Feb 19 2021
04:58 AM
by
TechCommunityAP
Our DLP policies have been turned on for a little more than a week and I was reviewing the report to see what types of information are being flagged. There are quite a few that show the SensitiveInformationType as an ICD-10-CM flag (Screenshot 1). I reviewed the DlpCompliancePolicy (U.S.A Financial Data) that it's being detected in, but I don't see anything monitoring for ICD-10 (Screenshot 2).
According to our policy (USA Financial Data) and the compliance rule (Low volume of content detected in USA Financial Data), shouldn't this policy only be monitoring for CC#, US Bank Acct. #, and ABA Routing #? If so, why is the report showing flags for ICD-10? If not, where would I see the additional monitoring for ICD-10? I haven't found anything in mail flows either that would suggest it's monitoring for ICD-10 terms.
Mar 27 2019 11:07 AM
Looks like a bug to me, it should only detect sensitive information types you've explicitly specified in the policy settings. Open a support case.