Payment Card Data – Data Loss Prevention (DLP)

The University will soon be making some changes to enhance data security and protect sensitive information.  A set of Data Loss Prevention (DLP) policies will be implemented to electronically monitor and prevent payment card data being saved, sent or received on our network.

All staff are responsible for the security of sensitive data and must not store or transmit payment card data.  Staff must not request or send payment card data via email, MS Teams or other messaging technologies.

University policy is to collect payments electronically either via one of our approved eCommerce platforms, by direct bank transfer or via face-to-face card transactions.

Payments made on behalf of the University must also be made via secure, known eCommerce sites, by direct bank transfer or via face-to-face card transactions.

How Does DLP Work?

Our DLP policies will actively scan and monitor data within our network to identify possible payment card data.  Any emails sent or received which contain payment card data will be blocked.

For an initial period of 3 months, a “soft” enforcement will be in place, under which users are advised of potential breaches of policy. During this period, it is expected our policies will be refined to ensure data which appears to be payment card data, but is not, is allowed on our network.

Following a successful period of “soft” enforcement, “hard” enforcement will be applied.  This will prevent staff from saving payment card data on the network and sending or receiving emails containing payment card data.

Using University IT resources to conduct personal transactions?

Your own personal card data will also be protected by the DLP policies.  In the interest of data security, please treat personal card data with the same level of care as customer card data and corporate card data.

How can I help?

There may be some legitimate business needs that require payment card data to be transmitted or saved.  If you are aware of any cases where your data requirements may trigger a DLP policy, please get in touch as soon as possible by contacting pcicompliance@kent.ac.uk.