Use new DLP for Drive

View new Drive DLP Data protection insights

View sensitive data types and files with sensitive content in your organization.

The Drive DLP Data protection insights report lists the sensitive data types in your organization, and the Drive files with that sensitive content. This report is offered quarterly. This report is available if you are using:

  • Business Standard
  • Business Plus
  • Enterprise Essentials (domain-verified accounts only)
  • Enterprise Standard
  • Enterprise Plus

Super admins can view this report, and turn it on or off. Delegated admins with the View DLP Rule privilege can view the report, but cannot turn it on or off.

The Data protection insights report lists the:

  • Overall percentage of files containing sensitive content that are being shared externally
  • Top data types that are shared
  • Number of Drive files that contain sensitive content
  • Number of Drive files with sensitive content that are shared externally
  • Percentage of files with sensitive content that are shared externally for each data type

The report also contains suggestions for acting on data protection insights.

Who can view the data protection insight reports?

 

These reports are targeted for consumption for the customers who use Google Drive to store data. Customer administrators must have admin privileges to view Admin consoleand thenSecurityand thenData Protection in order to view these reports.

Learn more about how Google keeps your data private and secure.

How are the Data protection insights reports created?

How are reports generated?

Reports are generated based on the regular scans of Drive files. The contents of the file can change since the last scan took effect. 

Google periodically performs proactive DLP scans for all Drive files based on a set of detectors to help you detect sensitive data. A set of 50 common detectors used for detection of sensitive documents to generate the report. Each admin receives a custom quarterly report based on the data in their environment. The detectors used are listed below in Common detectors used to create the Data protection insights report. Go to How to use predefined content detectors for a complete list of detectors.

Reports may have some false positives. While the detectors attempt to leverage the highest available likelihood threshold, there can be instances where detection may be limited based on the files in your applications.

How are externally shared files determined for this report?

Doc sharing that is detected and reported in the Insights report for Drive DLP:

  • Sharing through an invite or email to a non-Google account
  • Sharing through a link that anyone on the web can open
  • Sharing to an individual’s Google account
  • Sharing to Google groups.
  • Sharing from My Drive and Team Drive
    • In My Drive, DLP detects the sharing of individual files and the sharing of the parent folder for those files.
    • In a Shared drive (or Team drive), DLP detects the sharing of individual files individually and the sharing of the root folder on a team drive.

For details on controlling how users in your organization share Google Drive files and folders, go to Set Drive user’s sharing permissions

View the Data Protection Insights report if you are a DLP admin

Before you begin, sign in to your super administrator account or a delegated admin account with these privileges:

  • Organizational unit administrator privileges.
  • Groups administrator privileges.
  • View DLP rule and Manage DLP rule privileges. Note that you must enable both View and Manage permissions to have complete access for creating and editing rules. We recommend you create a custom role that has both privileges.
  • View Metadata and Attributes privileges (required for the use of the investigation tool only): Security Centerand thenInvestigation Tooland thenRuleand thenView Metadata and Attributes.

Learn more about administrator privileges and creating custom administrator roles.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

    Super admins can view the report, change the report on or off setting, and contact sales. Admins with only the View DLP rule privileges can only view the report.

  2. From the Admin console Home page, go to Securityand thenData protection.

    To see Security on the Home page, you might have to click More controls at the bottom.

  3. View the quarterly report. The report is display-only, and cannot be configured or modified.

Turn off or turn on the Data protection insights report

The report is available by default. You can turn off proactive scans of Drive files and reports if desired.

Before you begin, sign in to your super administrator account or a delegated admin account with these privileges:

  • Organizational unit administrator privileges. 
  • Groups administrator privileges.
  • View DLP rule and Manage DLP rule privileges. Note that you must enable both View and Manage permissions to have complete access for creating and editing rules. We recommend you create a custom role that has both privileges. 
  • View Metadata and Attributes privileges (required for the use of the investigation tool only): Security Centerand thenInvestigation Tooland thenRuleand thenView Metadata and Attributes.

Learn more about administrator privileges and creating custom administrator roles.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

    Super admins can view the report, change the report on or off setting, and contact sales. Admins with only the View DLP rule privileges can only view the report.

  2. From the Admin console Home page, go to Securityand thenData protection.

    To see Security on the Home page, you might have to click More controls at the bottom.

  3. Under Data protection insights setting, select Off.
  4. Click Save. The reports are now turned off. You can turn it back on by navigating to Data protection insights setting and selecting On. If you turn the report back on, it will display sensitive data information from the beginning of the next quarter.

View the Data protection insights report if you are not a DLP admin

  1. If you are an admin and have Enterprise or G Suite Business , you will receive an email prompting you to view the quarterly Data Protection Insights report for the current quarter. Click View Report in the email.

    Super admins can view the report, change the report on or off setting, and contact sales. Admins with only the View DLP rule privileges can view the report, but not turn it off or on or contact sales.

  2. On the DLP Home page, you see the report, which lists the number of Drive files with sensitive content for top data types.
  3. If you have the G Suite Business edition, and would like to use DLP data protection features, you’ll need to upgrade your edition. Click Yes, Contact Me to learn about this upgrade. 

Common detectors used to create the Data protection insights report

Fifty common detectors that are used to create the Data protection insights report

Go to How to use predefined content detectors for a complete list of detectors with descriptions for each detector.

Detector names

Region

  • Driver’s License Number
  • Employer Identification number (EIN>
  • National Provider Identifier (NPI)
  • Individual Taxpayer Identification Number (ITIN)
  • Passport
  • Social Security Number (SSN)
  • Committee on Uniform Security Identification Procedures (CUSIP)
  • Food and Drug Administration (FDA) Approved Prescription Drugs
  • American Bankers Association (ABA) Routing Number
  • Drug Enforcement Administration (DEA) Number

United States

  • Medicare Account Number
  • Tax File Number (TFN)

Australia

  • Cadastro de Pessoas Físicas (CPF) number

Brazil

  • British Columbia Personal Health Number (PHN)
  • Ontario Health Insurance Plan (OHIP)
  • Passport
  • Quebec Health Insurance Number (HIN)
  • Social Insurance Number (SIN)

Canada

  • Passport

China

  • Carte Nationale d’Identité Sécurisée (CNI) - national identity card
  • Numéro d'Inscription au Répertoire (NIR) - Social Security Number
  • Passport

France

  • Passport

Germany

  • Personal Permanent Account Number (PAN)

India

  • Driver’s License Number
  • Individual Number
  • Passport

Japan

  • Clave Única de Registro de Población (CURP) - national identification number 
  • Passport

Mexico

  • Burgerservicenummer (BSN) - national identification number
  • Passport

Netherlands

  • Número de Identificación Fiscal (NIF) Number
  • Número de Identificación de Extranjeros (NIE) Number
  • Driver’s License Number
  • Passport

Spain

  • Driver’s License Number
  • National Health Service (NHS) Number
  • National Insurance Number (NINO)
  • Taxpayer Identification Number - Unique Taxpayer Reference (UTR)
  • Passport

United Kingdom

  • Credit card number
  • Email address
  • Gender identity 
  • Bank account number (IBAN) - International Bank Account Number 
  • ICD 10-CM Lexicon
  • ICD 9-CM Lexicon
  • International Mobile Equipment Identity (IMEI) - hardware identifier
  • IP address
  • Phone number
  • Bank account number (SWIFT)

Global

Related information

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue