Microsoft Technical Bulletins

The latest updates for all the Microsoft Products you use every day.

Written by Richard Quatier

My goal is to help your business by integrating processes that automate mundane tasks and simplify complex ones without breaking budgets.

Categories: Microsoft 365 Suite

May 28, 2021

Blog Home

Updates to U.S. Social Security Number sensitive information type definition for improved accuracy

QuixTec provides technical bulletins ‘unaltered’ from Microsoft. As an authorized Microsoft Partner, experienced SharePoint development group and Office 365 expert, QuixTec’s’ custom online or on prem solutions include the latest Microsoft updates throughout initiatives that we custom develop for you.

From Microsoft Corporation
Technical Bulletin MC256841 · Published May 17, 2021

Message Summary

To improve the accuracy of the “U.S. Social Security Number” (SSN) sensitive information type, we are making the following changes to its definition:

1. Three discreet confidence levels (High, Medium, and Low) depending on the level of accuracy. The three levels indicate the likelihood of a true positive considering the following:

  • When the SSN was issued. SSNs issued pre-2011 had relatively strong definition due to additional checks.
  • Whether the SSN are formatted (ddd dd dddd or ddd-dd-dddd) or unformatted (ddddddddd).
  • Whether a keyword is found in proximity to the SSN.

2. An additional pattern which does not require mandatory keywords in proximity to reduce false negatives. The current definition requires keywords like “SSN” or “Social Security Number” in proximity to the actual number, which can sometimes lead to valid numbers not being detected (i.e. in an Excel spreadsheet where the supporting keyword is present only in the header row).

3. Added intelligence to detect high volume SSNs in tabular data, like an Excel spreadsheet where keyword is present only in the header of the table. Use “High confidence” or “Medium confidence” in your policy for this. Please note that this requires at least one instance to be detected with a keyword in proximity.

See details of current definition vs. new definition below.

When this will happen

Rollout will begin in early June and is expected to be complete by early July 2021

How this will affect your organization

Your existing policies, including data loss prevention policies, do not need to be changed. However, depending on your needs, you may wish to change the confidence level for US SSN within your policies (such as data loss prevention, communication compliance, sensitivity labeling, or records management). For example, if you wish to have minimal false positives, you may set the confidence level to High, and you can set the confidence level to Low if you want minimal false negatives.

  • We recommend that you use High confidence level in your policies for minimal false positives.
  • If you wish to detect unformatted numbers like 123121234 as well, you should use Medium confidence level.
  • Using Low confidence may result in a lot of false positives due to the weak definition of US SSN, where any 9-digit number can be a valid SSN. Please note that using Medium or High confidence will still detect high volume SSNs without keywords, provided at least one instance has keyword in proximity.

What you need to do to prepare

Review your policies and set the appropriate confidence level for the US SSN sensitive information type based on what you want to detect.

Learn more about sensitive information types.

Details:

Current and new definitions


View image in new tab
Additional information

ABOUT US: QuixTec, LLC is a U.S. certified Veteran Owned, modern DevOps organization and Microsoft Partner that specializes in Microsoft SharePoint, Office 365 expertise & HTML5 technologies for small to enterprise-sized organizations. The founder, Richard, has 30 years of experience working with several notable companies that include World Vision, Expedia, Microsoft, Levi Strauss, NASA, Boeing Aerospace, Los Alamos National Laboratory, and the U.S. Air Force, to name a few.  QuixTec is in the Seattle area. Phone today for a free consultation and project estimate: (425) 367-9025    SHAREPOINT DEVELOPMENTCUSTOM SOLUTION DEVELOPMENTOFFICE 365 EXPERTSSHAREPOINT DOCUMENT LIBRARIESSHAREPOINT CONUSLTANCYSPECIAL NGO RATES

You May Also Like…

Microsoft 365 roadmap site updates

Microsoft 365 roadmap site updates

From Microsoft CorporationTechnical Bulletin:  MC277639 · Published Aug 13, 2021 Message Summary We will be making updates to the Microsoft 365 roadmap on how you view, filter, search for, and sort the information. When this will...