Electronic communication has proved to be an effective, convenient, and efficient method for communicating information and fostering relationships between people. Electronic mail (“email”), one form of electronic communication, in particular is an effective tool with which data and information can be conveyed quickly and easily to large numbers of people. An email program on a computer connected to a network can be used to send information and electronic files to other individuals by entering the information in an email message and/or attaching an electronic file to the message. The email message is sent over the network to the individual's email address, and the individual can receive the message almost instantaneously after it is sent. Using electronic communication, business can be conducted and relationships formed in a very quick and efficient manner.
The advantages that email, or any form of electronic communication, provides are balanced with potential misuses of these convenient tools. One potential misuse is conveying, intentionally or unintentionally, sensitive information via an electronic communication tool. For example, an organization, such as a business, may store sensitive information that may be accessible to certain employees or other people associated with the organization. The sensitive information may include trade secrets and/or social security number information of employees or customers. An electronic communication tool such as email may be used to access the sensitive information and send it to a recipient outside of the organization. In some instances, the sensitive information may be conveyed unintentionally by an employee mistakenly sending the wrong file or inputting the wrong email address of the intended recipient. In other instances, persons with ill intent may purposefully send sensitive information to an outside recipient to reap ill-gained benefits or otherwise to detrimentally affect the organization. The sensitive information, particularly social security numbers, may be used for illegal purposes or for gaining an illegal advantage over the organization.
Detecting and stopping such misuses of electronic communication is difficult and can be resource intensive. Some systems use a set of sensitive information and compare content of electronic communications leaving an organization server to detect content that matches the sensitive information. The set of sensitive information is transformed into a selected format and stored. Content of outgoing electronic communications, including the content of the message within the communication and content of any attachments, is transformed into the same selected format and compared to the transformed sensitive information. If a match occurs, the electronic communication can be prevented from leaving servers managed by the organization. Such a system, however, requires diligence to ensure that the sensitive information is updated, complete, and accurate in order to provide an effective system. Use of inaccurate information may result in “false positive” matching, in which an electronic communication that does not include sensitive content is erroneously identified as including sensitive content, as well as “false negative” errors, in which an electronic communication that includes sensitive content is not identified. Use of incomplete information often results in “false negative” errors. Moreover, a relatively large and accurate set of sensitive information, including social security numbers, is not readily available to most organizations, which therefore rely on incomplete or inaccurate data to detect sensitive information in electronic communications. Accordingly, a need exists for systems and methods for using a set of sensitive information that is relatively complete and accurate for detecting sensitive information in electronic communications and preventing such communications from reaching their intended recipient.