Default Polish Social Security Number data identifier allows false positives


Article ID: 169453



Data Loss Prevention Enforce


The built-in Polish Social Security Number (PESEL) data identifier allows false positives for strings that are not valid PESEL numbers.


To resolve this, we recommend that you create a new custom data identifier (DI) to use in conjunction with a custom policy.

  1. In Enforce, go to Manage -> Policies -> Data Identifiers.
  2. Click Add Data Identifier.
  3. In the Details section, enter a name for this custom DI.  The description is optional, but recommended.
  4. In Patterns, enter the following string:
    • \d{11}
  5. Under Data Normalizer, select "Do nothing".
  6. Under Validation Checks, click Exclude beginning characters.
  7. In the Description and Data Entry box, under Exclude beginning characters, enter the following:
    • 0000
  8. Click Add Validator.
  9. Under Validation Checks, click Polish Social Security Number Validation Check.
  10. Click Add Validator.
  11. Click the Save button at the top of the window.  This will create your custom DI.
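To build test strings for the custom DI before relying on it, the three checks configured above (pattern, excluded prefix, checksum) can be reproduced offline. This is an added example, not the product's code: it assumes the Polish Social Security Number Validation Check applies the standard public PESEL check-digit algorithm, and the function names and sample text are constructed here.

```python
import re

PATTERN = re.compile(r"\d{11}")   # step 4: the pattern entered in the DI
EXCLUDED_PREFIX = "0000"          # step 7: Exclude beginning characters
WEIGHTS = (1, 3, 7, 9, 1, 3, 7, 9, 1, 3)  # public PESEL check-digit weights


def pesel_checksum_ok(number: str) -> bool:
    """Standard PESEL check digit (assumed to be what the built-in validator
    computes): (10 - weighted sum of the first ten digits mod 10) mod 10."""
    total = sum(w * int(d) for w, d in zip(WEIGHTS, number[:10]))
    return (10 - total % 10) % 10 == int(number[10])


def evaluate(candidate: str) -> str:
    """Apply the validators in the order they are added in the procedure."""
    if candidate.startswith(EXCLUDED_PREFIX):
        return "excluded prefix"
    if not pesel_checksum_ok(candidate):
        return "checksum failed"
    return "match"


def scan(text: str) -> list[tuple[str, str]]:
    """Return every 11-digit candidate in the text with its verdict."""
    return [(m.group(), evaluate(m.group())) for m in PATTERN.finditer(text)]


# Constructed sample text: one well-formed number, one with a wrong check
# digit, an all-zero filler string, and an arbitrary 11-digit sequence.
SAMPLE = (
    "PESEL 44051401359; mistyped 44051401358; "
    "filler 00000000000; order no. 12345678901"
)

if __name__ == "__main__":
    for value, verdict in scan(SAMPLE):
        print(f"{value}  {verdict}")
    # An all-zero string satisfies the checksum arithmetic on its own,
    # so only the prefix exclusion rejects it.
    print("all zeros pass checksum:", pesel_checksum_ok("00000000000"))
```

Pasting the same sample text into a test message lets you compare the policy's incidents against these verdicts.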

Now, let's create the custom policy to detect PESEL numbers.

  1. In Enforce, go to Manage -> Policies -> Policy List.
  2. Click New.
  3. Select Add a blank policy and click Next.
  4. Enter a name for your policy.  You can also enter a description, but this is optional.
  5. Select the policy group this policy should be in.
  6. Click Add Rule.
  7. Select Content Matches Regular Expression, then click Next.
  8. Enter a name for the rule.
  9. In the Regular Expression field, enter the following string:





  10. Click the pull-down for Also Match: and select the custom DI we created earlier.
  11. Click Add.
  12. Click OK.
  13. Click Save.


At this point, you have a policy that will correctly detect PESEL numbers while excluding invalid numbers.  You can edit this policy to add other rules, exclusions, and response rules as needed.