1.09 – Data Loss Prevention
Last updated : January 14, 2022
This policy is will be effective from Monday 17 January 2022
To see prior version, please click here.
Estimate Reading Time : 3 minutes
All users and members of the PT. Mandiri Tunggal Sejahtera Berkarya/ MTS Group Holding, LLC. (“Company”) community are responsible for protecting the confidentiality, integrity, and availability of data created, received, stored, transmitted, or otherwise used by the Company. Company reserves the right to restrict the use of Information Technology Resources in order to preserve data security or comply with law or policy.
In order to further secure data and improve regulatory compliance, Company has implemented Data Loss Prevention (DLP). Company uses DLP to identify confidential data on the Company network and – in cases where intentional or unintentional use violates policy – block the creation, reception, storage or transmission of confidential data.
Reason for Policy
DLP is an automatic surveillance system that consistently watches activity on the network and on Company desktop and laptop computers. It identifies confidential data (e.g. user health information, social security numbers, and credit card numbers) and flags it for further investigation. In some cases DLP will stop the flow of data (e.g. if an email containing confidential data is sent to an inappropriate recipient, DLP may be used to temporarily or permanently block that email).
DLP has the ability to:
- Monitor data in motion (e.g., emails and instant messages)
- Search for and analyze data at rest (e.g., data residing on a file server or database) and data at the endpoint (e.g., files on a laptop, desktop, or in a flash drive).
By gathering this information, DLP can determine if data is confidential (per the ITS Data Classification policy), and appropriately secure it to prevent security policy violations and maintain regulatory compliance.
Company handles a large amount of confidential data on a daily basis. Technologies that enable Company to function efficiently and make data easy to access and share also increase the risk of unauthorized disclosure and loss of confidential data. This has potentially serious consequences, including financial penalties, customer dissatisfaction, increased regulatory scrutiny, and reputational damage.
DLP is being used in conjunction with other security tools to protect confidential data and reduce the risk of it being compromised. This helps protect both the data that our organization is in charge of as well as the Company community from the consequences of losing confidential data.
Entities Affected by this Policy
PT. Mandiri Tunggal Sejahtera Berkarya/ MTS Group Holding, LLC (“Company”).
Who Should Read this Policy
All individuals provided with a PopIt Snack Account (“PSAID“) and has Company-supplied email account for accessing Platform information systems and accessing, storing, sending, receiving, or transmitting any Platform data.
Web Address of this Policy
Certain information such as user health information, personnel data, or financial records is confidential and must be treated with extreme care to avoid inappropriate disclosure with possible attendant fines or mandated notifications.
Company community members should not expect that personal communications will remain private and/or confidential. While the college permits generally unhindered use of its information technology resources, those who use Comapny information technology resources do not acquire, and should not expect, a right of privacy.
For a complete list of all data considered confidential by Company, please review the ITS Data Classification policy.
DLP is already actively monitoring both data in transit and at rest on the Company network, including (but not limited to):
- HTTP/S (message boards, blogs and other websites)
- Instant Messaging
- Peer-to-peer sites and sessions
Company community members should continue to abide by existing policies for appropriate use of ITS resources as provided in the ITS policies page.