Data Spill
Define PI
What is Personal Information (PI)
Any information related to an identifiable person
Examples: Address, phone number, email
Who is responsible for preventing data spills?
All GM Employees
Step 1
1.Recall the email message in Outlook if possible
Reminder: Recall works only for emails sent internally
How do most data spills occur?
•Majority of incidents are email related
Email sent to the wrong recipient
Failure to check an attachment, e.g.:
Excel files with hidden rows, columns, tabs
PowerPoint files with text in notes section at bottom
Data or information in the email string
If a Data spill occurs, who submits the data spill report form?
Person who had the data spill
Define SPI
Sensitive Personal Information (SPI)
Personal information that, if exposed, poses greater privacy risks
Examples: Social security number or government ID numbers, personal financial information, personal health information
What feature in outlook should be disabled?
Auto-Complete
Step 2
Contact unintended recipient(s) and ask that the information be returned or destroyed
If destroyed, obtain written confirmation
Frequent contributors to e-mail incidents
Outlook auto-complete feature
External Recipient Add-In not installed or disabled (pop-up / delayed send)
OR
Employee was working quickly
There was a break in concentration
What is the free trade agreement between US, Canada and Mexico
UCMCA
A data spill is an incident that occurs when sensitive GM and/or supplier information is shared with ___ or ___ recipients
Internal or External
What software is not compliant with GM's data spill prevention tools?
New Outlook
Step 3
Review impacted supplier’s terms and conditions for any provisions related to data security
How many data spills have occurred under Amit in 2025?
2
Who determines if an incident is a data spill
What is the 8th level manager responsible?
What are data classifications
GM Public, GM confidential and GM Secret
Preventing data spills are important. What relationships must be protected?
Supplier relationships
Step 4
Communicate incident to the 8th level manager (or above)
______could refer to the amount of data shared and/or the number of recipients (e.g. system sends information to wrong recipients). Requires referencing 5 points of contact
Large
If the 8th level is unsure about a data spill, who do they consult?
their local GPSC Strategic Planning & Development (SP&D) team
GM Secret information must be ____ when stored or transfered
Encrypted
Why preventing data spills is important? GM's information Security policy states that:
GM information is one of our most important assets and must be protected
Or
Third party information must be protected in accordance with agreed upon T&C
OR
GM information must not be released to the public without review and proper approval
Step 5 & 6
Complete Data Spill Report Form via Data Spill Prevention site
AND
Submit copy of Data Spill Report Form in eApproval
If not in eApproval, use email as alternative
Who hosted the 2025 GPSC data spill training?
Julie Learner
What U.S. law that requires cargo transported between U.S. ports to be carried on vessels that are U.S.-built, U.S.-owned, and U.S.-crewed?
The Jones Act