Web-based data transmission has become an increasingly popular form of communication. For example, electronic mail, better known as e-mail, has become a tool that society depends upon to communicate effectively and efficiently. In fact, it is now widely accepted that many businesses, including financial institutions, may prefer e-mail to traditional postal mail (“snail” mail) as a method of delivering documents to customers or potential customers, partly because e-mail is cheaper to send than snail mail, and partly because it is faster than waiting for the mail system to sort and deliver the mail. However, web-transmission and e-mail systems are not without their drawbacks.
Unfortunately, unauthorized individuals may attempt to intercept or otherwise gain access to sensitive information contained within web-transmissions and emails. For example, while security-enhancing technology such as encryption may help to provide increased security during transmission of emails and other data, non-encrypted transmissions still exist and such transmissions may still be extremely vulnerable. Therefore, an institution may have policies which set forth procedures on how sensitive information may be transmitted electronically. An electronic transmission may include a web-transmission, and may further include sending an e-mail, sending a file, submitting information on a website, transferring information via an instant message chat service, and the like. In one example, the policy may allow sensitive information to be transmitted if the transmission is secure (e.g., encrypted). In another example, the policy may allow certain pre-defined individuals or accounts to transmit sensitive information.
Sensitive information may be any information classified by an institution to be non-public. For example, in a banking context, non-public information may include customer names, customer addresses, customer phone numbers, social security numbers, customer account numbers, customer account personal identification numbers (PIN) and the like. Sensitive information may be any information deemed as such by the institution.
An institution or a third party may monitor e-mails or web transmissions by the institution's associates to determine compliance with the institution's policy on transmitting sensitive information electronically. For example, products are commercially available which may monitor and track all outgoing electronic transmissions to determine compliance with an institution's policy, and upon a violation, may record the details of the violation for reporting to the institution. Upon determining that a violation of, or non-compliance with, the institution's policy has occurred, the institution may capture information related to that violation. For example, the third-party application may record information related to the violating transmission in a database. In another example, the institution may record the related information in a table or file. Such information may include the actual violating e-mail or web-transmission, or alternatively, a snapshot of the violating transmission, sender information which may include a sender e-mail address or the internet protocol (IP) address of the device that sent the violating transmission, and the like. One of ordinary skill in the art would appreciate these and other methods for determining compliance with or violation of an institution's policy on transmitting sensitive information electronically.
While there are known methods of determining compliance with an institutional policy, only arcane methods of tracking violators and the type of violation are available, such as logging the information by manually inputting the details of the violation. As such, gauging the effectiveness of policing senders who violate a policy may be difficult or costly. Furthermore, such a process of tracking violations might not be timely, and by the time the data is processed, it may be inaccurate. Additionally, determining if, for example, only certain individuals are prone to violations may be difficult. In another example, determining if certain groups of people within a department are prone to violations may also be difficult.
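The policy check and violation record described above can be illustrated with the following added example, which is not part of the original text. It assumes a policy that combines the two exemptions given as examples (secure transmission, pre-defined accounts), a social security number pattern as the only kind of sensitive information, and hypothetical names, addresses and sample transmissions throughout.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Assumed pattern for one kind of sensitive information named in the text (NNN-NN-NNNN).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

# Hypothetical pre-defined accounts permitted to transmit sensitive information.
ALLOWED_SENDERS = {"compliance@bank.example"}

@dataclass
class Transmission:
    sender: str
    source_ip: str
    channel: str      # "email", "web", "im", ...
    encrypted: bool
    body: str

def check(t):
    """Return a violation record, or None if the transmission complies."""
    hits = SSN_RE.findall(t.body)
    if not hits:
        return None                      # nothing sensitive was sent
    if t.encrypted or t.sender in ALLOWED_SENDERS:
        return None                      # sensitive, but permitted by the policy
    # Record who sent it and what kind of data, not the sensitive values themselves.
    return {"sender": t.sender, "source_ip": t.source_ip,
            "channel": t.channel, "type": "ssn", "matches": len(hits)}

def audit(transmissions):
    """Check every transmission; return the violation records and a per-sender tally."""
    violations = [v for v in map(check, transmissions) if v]
    per_sender = Counter(v["sender"] for v in violations)
    return violations, per_sender

# Constructed sample transmissions (not real data).
SAMPLE = [
    Transmission("alice@bank.example", "10.0.0.5", "email", False, "SSN 123-45-6789 attached"),
    Transmission("alice@bank.example", "10.0.0.5", "web", False, "ssn=987-65-4321&x=1"),
    Transmission("bob@bank.example", "10.0.0.9", "email", True, "SSN 123-45-6789"),
    Transmission("compliance@bank.example", "10.0.0.2", "email", False, "SSN 111-22-3333"),
    Transmission("carol@bank.example", "10.0.0.7", "im", False, "lunch at noon?"),
]

if __name__ == "__main__":
    violations, per_sender = audit(SAMPLE)
    for v in violations:
        print(v)
    print(per_sender.most_common())
```
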