SOLVED

Data loss prevention

Copper Contributor
I work in a recruitment company. Our consults receive 1000s of resumes a year but only upload 10-20% to our database. Some also record all their key information their candidates - contact, interview notes on an individual excel on their pc and not in our server.

What options do we have to automatically upload those docs to our database or even server? We have the parsing tech but we need to have a way to identify and the pull the docs daily?

And what methods can be used to reduce data “theft”?

Could Microsoft 365 enterprise solve this issue?

Sent from my iPhone
9 Replies

@Cyrus2425 

 

Hello,
I am definitely not the right one for this question, but I would like to give you a few additional questions on the way.

Is it a European company?
Are you in an EU country?
If you answered yes to these questions, then you should also include the EU GDPR (General Data Protection Regulation) in your plans.

If this is not the case and everyone answers no, then I recommend that you share a work folder with other specified people and depending on the worksheet.

here some information about it:
Share your Excel workbook with others
or

Collaborate on Excel workbooks at the same time with co-authoring

https://support.microsoft.com/en-us/office/collaborate-on-excel-workbooks-at-the-same-time-with-co-a...

 

I would be happy to know if I could help.

 

Nikolino

I know I don't know anything (Socrates)

 

 
best response confirmed by Cyrus2425 (Copper Contributor)
Solution
The most important factor is to get the data off those local machines. The best way to do this would be to promote SharePoint Online, you'd be a perfect use case for SharePoint Syntex as you can pull the data from those documents automatically and make users lives easier in the process: https://adminseanmc.com/2020/10/05/sharepoint-syntex-unlocking-the-power-of-your-data-with-a-form-pr...

I'd recommend looking at protecting the documents with sensitivity labels, you can event automate this based on content if you go for information protection plan 2: https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view....

If you can't get the data into SharePoint then you have the option of deploying the unified labelling scanner to the machines to scan and protect data on them based on content: https://docs.microsoft.com/en-us/azure/information-protection/deploy-aip-scanner

To automate upload to SharePoint you could use a simple Flow to extract attachments from email and post to a SharePoint document library where you could have Syntex parse the relevant info from the documents automatically.
I should also mention that when the data is in SharePoint Online, you can use DLP policies to prevent it leaving the business via email or sharing.

Thanks a lot for the response - no we are not, but may be in the future - I think the GDPR implications are significant and definitely something we need to look at as well as prepare for this type of legislation to be rolled out in other markets we operate @NikolinoDE 

Very useful thank you. I'm thinking that we use 365  enterprise virtual desktop solutions and migrate everything on to the Cloud and lock down all systems to only be accessible via the virtual desktop. 

 

What you think? 

@SeanMcAvinue 

Depending on your app requirements, WVD can absolutely provide the platform here. You'd essentially be turning client machines into 'thin clients' with no data stored on them and all work is carried out on WVD. Nice and tidy solution, keep in mind the training and adoption aspects of it and maybe eventually lock down 365 data access to just your WVD pool via conditional access.

@Cyrus2425 

If you want it to be EU-GDPR compliant, then I recommend that you do not yet decide on a final solution.
At the moment, Office 365 is not even compliant with the European regulation.

Or rather, it is still under negotiation as to whether it can be used or not.

At the moment the Netherlands and Germany have major objections. For these countries, GDPR-compliant use of Office 365 is currently not possible.

That doesn't mean that Microsoft can't make it possible in the future,

but if I were to invest as a company in the future,

I would wait for the final result of the negotiations ... in my humble opinion.

After all, it is about corporate investment that must be justified and above all, the cost-benefit of the project.


I am almost certain that Microsoft will find a way to deal with the EU GDPR.

But when, with which products?

 

In my humble opinion, wait and see... and then buy Microsoft products that will be best suited to your project.
 
But in the end you have to make the decision, because you have to be responsible for it in your company.
 

Nikolino

I know I don't know anything (Socrates)

@NikolinoDE 

Correctly configured tenancies can be fully GDPR compliant and even leverage the built in GDPR toolsets in Microsoft 365. I've never seen GDPR being a blocker for moving to Microsoft 365. Germany also has it's own instance of M365. I'm curious to know more about the issues, do you have any more information on this? - Sorry, slightly off topic.

@SeanMcAvinue 

I just reflected the current situation, which I only learn from the German press.

At the same time I think it is not right for me to spread such information in the forum that I am also a guest. Since the negotiations are still in progress.

 

I just wanted to be correct when it came to my recommendation on the subject of Certified safety GDPR , without which I absolutely want to go into the details.


In the end, I'm just a part of this microsoft cosmos like everyone else here, whether I like it or not.

That I'm here... means that I like it :)


Nikolino
I know I don't know anything (Socrates)

1 best response

Accepted Solutions
best response confirmed by Cyrus2425 (Copper Contributor)
Solution
The most important factor is to get the data off those local machines. The best way to do this would be to promote SharePoint Online, you'd be a perfect use case for SharePoint Syntex as you can pull the data from those documents automatically and make users lives easier in the process: https://adminseanmc.com/2020/10/05/sharepoint-syntex-unlocking-the-power-of-your-data-with-a-form-pr...

I'd recommend looking at protecting the documents with sensitivity labels, you can event automate this based on content if you go for information protection plan 2: https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view....

If you can't get the data into SharePoint then you have the option of deploying the unified labelling scanner to the machines to scan and protect data on them based on content: https://docs.microsoft.com/en-us/azure/information-protection/deploy-aip-scanner

To automate upload to SharePoint you could use a simple Flow to extract attachments from email and post to a SharePoint document library where you could have Syntex parse the relevant info from the documents automatically.

View solution in original post