Data Protection
Data Protection
Data Protection aims to detect problems resulting from misuse of private or sensitive data.
This policy category contains 7 policies. These policies look for patterns that could potentially be sensitive data.
- Detect Currency Usage
- Detect National Insurance Numbers
- Detect Social Security Numbers
- Detect Session Enabled URLs
- Detect UK Bank Detais
- Detect Plain Text Passwords
- Detect Credit Card Numbers
Detect Currency Usage
Checks if the document contains currency references. This policy will check for both symbols and text that can be used to represent currency references, such as £ and GBP.
Any references to currency will generate a policy exception. Some documents be permit the use of currency symbols, however highlighting the issue can be used to ensure specific documents do not have these references when they are not applicable.
The following currency values are checked by default, this can be added to:
- £, GBP
- $, USD
- €
- ¥, JPY
Detect National Insurance Numbers
Checks if the document contains suspected UK national insurance numbers. Potential text and number combinations are searched for to highlight potential publishing of sensitive information. Any successful instances of these searches will generate a policy exception.
Detect Social Security Numbers
Checks if the document contains suspected US social security numbers. Potential combinations are searched for to highlight potential publishing of sensitive information. Any successful instances of these searches will generate a policy exception.
Detect Session Enabled URLs
Checks for Hyperlinks that have session specific URLs within the document. Potential session URLs are searched for to ensure no potential session information remains in the site that could navigate a user through to sensitive information that requires a secure login.
<a href="user_details.html?session_id=1234">Your details</a>
Any instances of these session enabled URLs will result in a policy exception.
Detect UK_Bank Details
Checks if the document contains suspected UK bank account details. Searches are conducted to reveal potential UK bank account details, such as sort codes and account numbers.
When an instance of a sort code and account number are found within the document a policy exception is generated.
Detect Plain Text Passwords
Checks for instances of suspected non encrypted, plain text passwords.
Any instances of these potential violations will result in a policy exception being created.
Detect Credit Card Numbers
Checks the document for suspected credit card details. This policy will search for numeric combinations that match the format of major credit card account numbers, from the list below:
- American Express
- Visa
- Master Card
- Dinners Card
- Discover Card
Any suspected instances of these account numbers will generate a policy exception.