DLP Troubleshooting & Understanding Social Security Numbers (SSN’s)

Situation: Your Data Loss Prevention (DLP) is experiencing issues with Social Security Numbers.
Solution: See below for information on how we scan for SSN.

SSN Usage In DLP

Usage

SSN usage in DLP can be used for HIPAA compliance, among other things. Choosing to use the DLP can be mandatory/regulatory or by choice.

Combine Smart ID and Dictionary

When using SSN as the smart ID, it is best paired with an associated Dictionary to have less false positives.

SSN Guide

SSN falls into two formats. Depending on which DLP is used, we scan for either or both formats.

  • Formatted – Matches ###-##-####
    • 3-2-4 format
  • Unformatted – Matches #########
    • 9-digit format

SSN in Smart Identifier set-up

Restrictive Social Security Number – checks only for formatted

Social Security Number – checks for both formatted and unformatted

Exclusions

Below are the known exclusions to the SSN DLP.

  • All zeroes in any group
  • Numbers start with 666 or 00
  • Numbers from range 87654320 to 87654329

Additional reading:

Smart Identifier Search Patterns

Outbound DLP – Credit Cards