Compliance rules in Google Apps: Prevent employees from emailing PII

Are you concerned about HIPAA compliance standards & preventing employees from sharing sensitive information over email? Do you need to implement a data loss prevention policy within your organization? Even with clear communication to your employees that PII such as social security numbers should not be sent over email, mistakes happen.

You can configure the DLP policy so that Gmail automatically scans all mail automatically (including attachments), and take immediate action to quarantine the message. Here’s a quick guide for doing so, courtesy of Google:
 

Set up a compliance rule

  1. Sign in to the Admin console.

  2. Click Apps > Google Apps > Gmail > Advanced settings.

  3. In the Compliance section, hover over Content compliance, and click Compliance (appears on the right).

  4. In the Add setting popup, enter a short description, such as Social Security Number detected.

  5. In the Email messages to affect field, check the Outbound box to prevent emails containing SSNs from being shared outside your organization. You can also check the Internal – sending box to apply the same rule to messages sent within your organization.

  6. In the Add expressions field, click the Down arrowand select If ANY of the following match the message.

  7. In the Expressions category, click Add.

  8. Click the Down arrowand select Predefined content match.

  9. Click Predefined content match, and select United States – Social Security Number.

 

  1. (Optional) Enter a Minimum match count, which is the number of SSNs that must appear in an email before an action is triggered. If you leave this as 1, then messages containing a single SSN will be detected.

  2. (Optional) Click Confidence threshold and select High or Medium.

This indicates the likelihood that the content of the detected email meets your criteria. Some data, such as a SSN, can be detected with a high level of confidence because it has a well-defined pattern.

  1. Click Save.

Quarantine messages

  1. Click If the above expressions match..., and select Quarantine message, which allows you to check emails that have been detected.

  2. Click Add setting > Save.

  3. Review the Content compliance field for a summary of the new settings.

Check quarantined emails

  1. From the Quarantine Manager, click All quarantines. This displays the list of all quarantined emails.

  2. Click an email message to check the content.

  3. Check the box for one or more messages and click Allow or Deny to approve or reject the message.

    • If you click Allow, the email is sent.

    • If you click Deny, the sender receives a notification by email that the message was not delivered.

7 Pro tips from gmail power users

Is Google APPS HIPAA Compliant?

Miles Hischier