Please note that the content of this article does not currently apply to UK-based colleagues
Learn about the seamless email tool working to keep your information safe
You have been learning different tips and tricks on how to keep your and the company’s sensitive information safe – and we now have an additional safety net to help identify unprotected data! We are rolling out a new program to further protect email communications against accidental data leaks by automatically flagging unencrypted or exposed sensitive information.
The new data loss prevention program is designed to reinforce things you already know about handling and sharing sensitive personal information and the expectations set forth in the Acceptable Use Policy. For a refresher, use these links on how to protect sensitive e-mails with encryption or how to share information through OneDrive or SharePoint.
Here are some things you need to know about how the program works:
How the Program Works
- A new email cybersecurity feature will run seamlessly in the background as part of our ongoing data security measures.
- Each time an email is sent, the feature scans for sensitive, unprotected personal information and automatically flags messages that contain it.
- Examples of what might trigger the tool include credit card numbers, passport numbers and medical records.
- If the email contains this information, it will be flagged and sent to quarantine.
Don’t worry, we are not reading your emails. There is no human interaction and no one but the tool and the sender will know what is flagged.
What happens when an email is quarantined?
- Senders will receive an auto-generated message that will include:
  - A notification that the email has been quarantined for containing unprotected personal information.
  - The recommended steps required to protect the personal information.
  - The option to release the email from quarantine and send it.
Note: Quarantined emails will be held for 30 days so senders may review, manage, delete or release the messages for delivery.
This new feature is great for catching potential sensitive data leaks, but you can avoid the quarantine process by following safe data handling practices using the links above. Remember, you are our first line of defense against hackers, and we thank you for your constant efforts in keeping our systems and data cyber secure.
Frequently Asked Questions
Q: What is the data loss prevention program?
A: The data loss prevention program is designed to help further safeguard against potential sensitive email data leaks using a new email cybersecurity feature that electronically scans outbound emails, automatically flagging and quarantining messages that include sensitive, unprotected personal information (e.g., credit card numbers, passport numbers, medical records, etc.). This is a standard part of any cybersecurity program and it helps us maintain the trust of our guests, employees and crew because we are reducing the risk of their personal information being lost or compromised.
Q: What policy covers the scanning of our email?
A: The Acceptable Use Policy (AUP) outlines the expectations the company has for how you will use and protect company assets, including personal information.
Q: What is the Acceptable Use Policy?
A: The Acceptable Use Policy applies to all employees of Carnival and its subsidiaries, including temporary employees and contractors.
As a user of Carnival’s information technology services and facilities, you have access to valuable Company resources, potentially confidential or sensitive information, and our company networks and business applications (collectively, “Information Assets”).
Acceptable use of these Information Assets means ensuring that Company resources and technologies are used for their intended purposes while respecting the rights of others, the integrity of the physical facilities, the confidentiality of data, and the relevant license and contractual agreements.
Our values require that all employees have a duty to both follow and champion the policies and compliance requirements that relate to the use and handling of information and business systems in their care. This means being aware of the requirements that impact their work, speaking up where these requirements are not being met, and taking responsibility and ownership as needed.
To help monitor and enforce these policies, Carnival reserves the right to monitor networks and systems in compliance with local laws, and to perform testing to monitor individuals’ adherence to the requirements.
If a person is found to be in violation of the Acceptable Use Policy, the Company may take disciplinary action, as described in section 8 of the document, in line with the relevant local policies and legal requirements of the operating company in question.
Q: What happens when an email is quarantined?
A: Senders are notified via auto-generated message that an email has been quarantined for containing unprotected personal information. The auto-generated message will recommend steps required to protect the personal information and provide instructions for releasing the email from quarantine. Quarantined emails will be held for 30 days so senders may review, manage, delete or release the messages for delivery.
Q: Why was my email quarantined?
A: Our data loss prevention technology flagged an email you sent to someone inside and/or outside of the company as containing sensitive personal information, such as credit card information, passport numbers, medical records, etc. The auto-generated message you received includes steps required to protect the personal information and instructions for releasing the email from quarantine.
Q: How long do I have to fix or release a quarantined email?
A: Quarantined emails will be held for 30 days so senders may review, manage, delete or release the messages for delivery. After 30 days, emails still remaining in quarantine are automatically deleted.
Q: What happens if I don’t fix or release a quarantined email?
A: Emails still remaining in quarantine after 30 days are automatically deleted.
Q: Who is looking at my emails to accomplish this?
A: No one. A trusted, approved third-party tool from Avanan automatically scans emails per settings agreed upon by competent privacy and cyber security teams. No one sees the emails; you are the only one who knows what was in the email and whether or not the findings were accurate.
Q: How do you know I sent this information?
A: Our data loss prevention technology from Avanan electronically scans outbound emails and automatically flags messages including unprotected sensitive personal data (e.g., credit card numbers, passport numbers, medical records, etc.).
Q: Is anyone reading all my emails?
A: No.
Q: Are all my emails being scanned or monitored?
A: As part of our comprehensive data security and fraud detection systems and technologies, all forms of electronic communications are routinely scanned for signs of malware, unauthorized access, data vulnerabilities and more.
Q: Am I in trouble? Is this an official form of corrective action?
A: No. Good data handling practices are important for making sure our information and data resources are safe and secure. You are a vital part of our cyber defense and this program is just one more way to ensure we are doing everything possible to safeguard the data we value the most. We do not use any identified information to track results of this program. It’s all aggregated and de-identified.
Q: How is the program success being measured?
A: We do not use any identified information to track results of this program. It’s all aggregated and de-identified.
Q: What type of information should I not send over email?
A: You should avoid sending any type of sensitive data or information in an email, whether written in the body or as an attachment. Sensitive data may include (not a complete list):
- Passport numbers
- Government-issued ID numbers
- Driver’s License numbers
- Bank/financial account numbers
- Credit/debit card numbers
- Protected health information
- Passwords or authentication credentials
- Documents protected by attorney-client privilege
Q: How do I send the information in a secure way?
A: Use password protection, encryption tools, secure file share links and other trusted methods to exchange sensitive data. For additional information, click on these links to learn how to protect sensitive e-mails with encryption or how to share information through OneDrive or SharePoint.