Secure mail using business rules, DLP algorithm

This algorithm is designed to support users in sending sensitive information securely and efficiently. This is encrypted with high-quality modern encryption combined with additional security options such as multi-factor authentication or password. The algorithm only affects the process of sending the relevant e-mail and attachment(s) in which the algorithm detects several types of sensitive information as configured in the management portal.

By applying the algorithm, it provides an additional layer of protection during the transmission process. This not only significantly reduces the risk of data leakage, but also helps maintain confidentiality and integrity of the transmitted data. The human error factor is reduced by using the algorithm.

The relevant administrator of the organisation with appropriate access in the FileCap management portal can specify which PII should be intervened on by the algorithm. This includes PII such as BSN, IBAN, Credit Card information, confidentiality settings in Outlook, multiple recipients or keywords and domains where messages must be sent encrypted and secure at all times. The end user may have the option to disable the entire plug-in depending on the stakeholder organisation's set policy.

The risk is making typos, in case of a typo, the algorithm does not recognise it as a form of PII. This is an accepted risk. A BSN or IBAN is incomplete in case of a typo and of little value in case of interception. For files, the first 1024 KB is read by the algorithm for ease of use, so for large files, PII may not be picked up by the algorithm. Here, it is important to make users aware of the risks at all times; after all, the algorithm remains a tool in the fight against data leaks.

IAMA does not apply because the algorithm does not affect the legal basis applicable at the IAMA and to users.

The data used by the algorithm is based on regular expressions (Regex) to identify the categories of PII. During the development of the algorithm, the patterns in relevant PII were considered. Based on these patterns with the additional different characteristics per category, the regular expressions were defined.

When an e-mail is created and the algorithm is active, the algorithm can see if the message or attachments contain sensitive information as defined by the administrator. The algorithm will warn the user not to send the e-mail and attachments encrypted and unsecured. In doing so, the algorithm focuses on the following input fields: sender, recipient(s), subject, e-mail message and attachments. This data forms the input for the algorithm's operation.