Data Owner Exception - Differences between the exception settings

Article ID: 159413

Products

Data Loss Prevention Network Monitor

Issue/Introduction

Set up the ignore function for data owners in EDM.

However, there seems to be a functionality issue with part of the feature.

  • When selecting Data Owners to be ignored based on recipient, one has the choice to select "All Recipients", or "Any Recipients". 
    • When one selects to use "Any Recipients", if a message has multiple recipients and one of them has data they own, DLP ignores the message correctly.
    • No incident is created.

However, if one selects "All Recipients", our expectation is that ALL the recipients must have data they own in the message; otherwise the ignore doesn't apply and an incident is created.

However, when one sends the same test message, it does NOT create an incident.

What is the functional difference between the two settings?

Resolution

For example, let us consider the following sample EDM rows:

Password   Email1             Email2             Domain
xzy686     [email protected]  [email protected]  example.com
ghj780     [email protected]  [email protected]  example.com

The following scenarios could occur: 

  • The first case is when the "All Recipients" exception is identified on both Email fields. 

1. If the email contains data "xzy686" and [email protected], [email protected] in the To list, the ignore should work on All Recipients, and an incident should not be created.

2. If the email contains data "xzy686" and [email protected], [email protected], [email protected], then there is a violation and an incident should be created.

Here, admin3 does NOT own "xzy686".

 

3. If the email contains all 4 recipients from both rows ([email protected], [email protected], [email protected], [email protected]) and sensitive data from both rows, "xzy686" and "ghj780", then there is also a violation and an incident should be created.

Here, admin1 and admin2 do not own data "ghj780" and admin3 and admin4 do not own data "xzy686".

 

Any Recipient exception - all three cases above will be ignored without generating incidents.

  • The second case is when the data owner exception for All Recipients is created on Domain. In the above sample data, both rows contain the same domain field.

1. If all recipients in the email To list have email addresses that belong to example.com and the email contains sensitive data "xzy686" and/or "ghj780", the email will be ignored, as the same domain owns data from both rows.

2. However, if the same email also contains one or more email addresses that belong to any domain other than example.com, the email should generate an incident.

 

Any Recipient exception - both cases above will be ignored without generating incidents.
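
The scenarios above as a small Python model, added here as an illustration; it is not Symantec DLP code. The addresses admin1@example.com through admin4@example.com and user@example.org are constructed stand-ins for the sample rows, and checking the exception once per matched row is an assumption inferred from the cases listed in this article.

```python
# Simplified model of the All/Any Recipients data owner exception.
# Constructed sample data: the addresses stand in for the article's EDM rows.
ROWS = [
    {"Password": "xzy686", "Email1": "admin1@example.com",
     "Email2": "admin2@example.com", "Domain": "example.com"},
    {"Password": "ghj780", "Email1": "admin3@example.com",
     "Email2": "admin4@example.com", "Domain": "example.com"},
]

def owns(row, recipient, owner_fields):
    """True if the recipient matches one of the row's data-owner fields."""
    for field in owner_fields:
        if field == "Domain":
            # Domain ownership compares only the part after the last '@'.
            if recipient.rpartition("@")[2].lower() == row[field].lower():
                return True
        elif recipient.lower() == row[field].lower():
            return True
    return False

def creates_incident(body, recipients, owner_fields, mode):
    """mode is 'all' or 'any' (assumption: evaluated per matched row)."""
    matched = [row for row in ROWS if row["Password"] in body]
    if not matched:
        return False  # no EDM match, so there is nothing to report
    quantifier = all if mode == "all" else any
    ignored = all(
        quantifier(owns(row, rcpt, owner_fields) for rcpt in recipients)
        for row in matched
    )
    return not ignored

def scenarios():
    """Return {case: (incident under All, incident under Any)}."""
    a1, a2, a3, a4 = (f"admin{i}@example.com" for i in range(1, 5))
    emails, domain = ("Email1", "Email2"), ("Domain",)
    cases = {
        "email-1": ("xzy686", [a1, a2], emails),
        "email-2": ("xzy686", [a1, a2, a3], emails),
        "email-3": ("xzy686 ghj780", [a1, a2, a3, a4], emails),
        "domain-1": ("xzy686 ghj780", [a1, a3], domain),
        "domain-2": ("xzy686 ghj780", [a1, a3, "user@example.org"], domain),
    }
    return {name: (creates_incident(b, r, f, "all"),
                   creates_incident(b, r, f, "any"))
            for name, (b, r, f) in cases.items()}
```

Under this model, "All Recipients" raises an incident as soon as one recipient is not an owner of a matched row, while "Any Recipients" suppresses it when at least one recipient is an owner.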