False positives for Social Security Number (SSN) data identifiers

book

Article ID: 160047

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

False positives are created for SSN Data Identifiers because of the wide scope of the data identifiers Symantec Data Loss Prevention (DLP) uses.

Resolution

Replace SSN Data Identifier with the more modern Randomized Social Security Data Identifier.

  1. Login to the Enforce console
  2. Select Manage > Policy > Policy List
  3. Create a new SSN policy or edit an existing SSN policy.
  4. Add a new "Content Matches Data Identifier" rule and select 'Randomized US Social Security Number (SSN)' from the drop down list, and click the next button.
    • Randomized US SSN only allows Medium and Narrow Breadth
  5. Complete the configuration of the rule as required, and save the policy.

Minimize the false SSN positives by using a Medium or Narrow Breadth

  1. Login to the Enforce console
  2. Select Manage > Policy > Policy List
  3. Select the SSN Data Identifier policy
  4. Choose the Rule that contains the SSN Data Identifier
  5. Under Conditions select the SSN Condition
  6. Set the Breadth to Narrow (more strict) or Medium
  7. Click OK

In addition, Exact Data Matching (EDM) of all SSN can be used in conjunction with the names to ensure no false positives. See Detecting Content using Exact Data Matching (EDM) in the Symantec Data Loss Prevention Administration Guide