Important Notice
For Staff For Staff
Not for student Not for student
Not for alumni Not for alumni

To prevent personal data breaches, the University has launched* a new email Personal Data Leakage Prevention (DLP) service for detection of the following types of personal data in the outgoing emails. 

  • HKID, Passport/Personal Identity No.

  • Staff/Student No.

  • Bank Account/Credit Card No.

  • Sensitive Dates (e.g. Date of Birth/Expiry), Phone No., Email Address

  • Residential/Correspondence Address

Email sent from a University email account suspected to contain excessive amounts (determined by pre-defined thresholds) of the above personal data in the email content and/or attachments will be quarantined. The sender will then be notified by email to review before delivering it.


* Effective Date: Administrative Staff (15 June 2021), Teaching/Research Staff (12 July 2021)


Email checking Email checking

Email Personal Data Leakage Prevention (DLP) System detects and quarantines the potential data breach and data exfiltration in outgoing email transmission via the University email system.

No. Email DLP ONLY detects and quarantines the outgoing email suspected to contain sensitive personal data that violates the University’s Data Leakage Prevention (DLP) Policy.

You will receive a DLP Quarantined Email Notification within a minute or two after your email has been quarantined. You should review the email body and all its attachments for existence of any UNENCRYPTED sensitive or personal data, and follow the User Guide to RELEASE or DISCARD the email as appropriate.

You can encrypt the file attachment containing sensitive or personal data with STRONG password using 7-Zip software, or built-in password protection feature provided by PDF or Microsoft Office documents.

You may follow the Password Length and Complexity of User Account Password Policy.

The [Release Email] or [Discard Email] button of the DLP Quarantined Email Notification MUST be clicked only ONCE and WITHIN 7 days from the receipt of the quarantine notification. Otherwise, the above message will be displayed.

All outstanding DLP Quarantined Email Notification will be removed permanently from the system 7 days after the quarantine date.

“ITO Reference” number is a unique number to identify the quarantined email. If you have any inquiry about a particular quarantined email, please provide this reference number to us.

No, you only need to [Release Email] or [Discard Email] ONCE, regardless of the number of recipients of the quarantined email.

Email Personal Data Leakage Prevention (DLP)