Data Loss Prevention

DLP v14 too many false positives

  • 1.  DLP v14 too many false positives

    Posted Sep 04, 2015 03:52 PM

    Currently running DLP v14 in our environment and I have a policy to detect for and block on the copying of SSNs. The policy is using the Randomized US Social Security Number and I have set the breadth to narrow. The problem is it is finding documents with nine-digit ZIP codes and it is also hitting on random code in some documents/files. I can see where these are ZIP codes and I can tell for certain some of the files with code are not SSNs. The problem is, because I have it set to narrow there should be a keyword that it matches on also. But I do not see a single keyword in the document and I have checked under data identifiers and the keywords are there. So this is creating a lot more false positives that I am seeing. This same issue also applies to credit cards and bank routing numbers.

    I have a test DLP system up and the same thing happens there with newly created policies. I have also gone back to using the old SSN data identifier and I am seeing the same results as the new randomized SSN data identifier.

    Is anyone else seeing the same issues?
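
A triage sketch for the kind of incident described above, added here as an example; it is not part of the original post and not the DLP product's matching logic. It re-checks each nine-digit hit for SSN structure, ZIP+4 shape and a keyword on the same line. The keyword list, the same-line proximity rule and the sample text are assumptions constructed for illustration.

```python
import re

# Assumed keyword list for illustration; not the product's built-in list.
KEYWORDS = ("ssn", "social security", "soc sec", "ss#")

# Nine digits, optionally split 3-2-4 by '-' or space, not embedded in a longer number.
CANDIDATE = re.compile(r"(?<![\d-])(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?![\d-])")
ZIP4 = re.compile(r"\d{5}-\d{4}")

# Constructed sample resembling the three cases in the post.
SAMPLE = (
    "Ship to: 1 Main St, Atlanta, GA 30301-1234\n"
    "build_id = 987654321  # random code\n"
    "Employee SSN: 123-45-6789\n"
)

def plausible_ssn(area, group, serial):
    """Structural rules that still hold for randomized SSNs:
    area is never 000, 666 or 900-999; group never 00; serial never 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def triage(text):
    """Return one finding per nine-digit candidate, with false-positive hints."""
    findings = []
    for line in text.splitlines():
        has_keyword = any(k in line.lower() for k in KEYWORDS)
        for m in CANDIDATE.finditer(line):
            valid = plausible_ssn(*m.groups())
            zip4 = ZIP4.fullmatch(m.group(0)) is not None
            findings.append({
                "match": m.group(0),
                "structurally_valid": valid,
                "zip4_shape": zip4,
                "keyword_on_line": has_keyword,
                # Flag for review when any independent signal disagrees.
                "likely_false_positive": (not valid) or zip4 or not has_keyword,
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Running exported incident text through a check like this shows whether a hit had any keyword in reach at all, which helps separate a policy configuration problem from a matching problem.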