False positives for Social Security Number (SSN) data identifiers
book
Article ID: 160047
calendar_today
Updated On:
Products
Data Loss Prevention Enforce
Issue/Introduction
False positives are created for SSN Data Identifiers because of the wide scope of the data identifiers Symantec Data Loss Prevention (DLP) uses.
Resolution
Replace SSN Data Identifier with the more modern Randomized Social Security Data Identifier.
Login to the Enforce console
Select Manage > Policy > Policy List
Create a new SSN policy or edit an existing SSN policy.
Add a new "Content Matches Data Identifier" rule and select 'Randomized US Social Security Number (SSN)' from the drop down list, and click the next button.
Randomized US SSN only allows Medium and Narrow Breadth
Complete the configuration of the rule as required, and save the policy.
Minimize the false SSN positives by using a Medium or Narrow Breadth
Login to the Enforce console
Select Manage > Policy > Policy List
Select the SSN Data Identifier policy
Choose the Rule that contains the SSN Data Identifier
Under Conditions select the SSN Condition
Set the Breadth to Narrow (more strict) or Medium
Click OK
In addition, Exact Data Matching (EDM) of all SSN can be used in conjunction with the names to ensure no false positives. See Detecting Content using Exact Data Matching (EDM) in the Symantec Data Loss Prevention Administration Guide