Stop data loss with DLP

View the Drive DLP Data protection insights report

View sensitive data types and files with sensitive content in your organization.

Tiếp theo: Prevent data leaks with Data protection recommended rules

Supported editions for this feature: Frontline Starter and Frontline Standard; Business Standard and Business Plus; Enterprise Standard and Enterprise Plus; Enterprise Essentials and Enterprise Essentials Plus. Compare your edition

The Drive DLP Data protection insights report lists the sensitive data types in your organization, and the Drive files with that sensitive content. This report is offered quarterly.

The Data protection insights report lists the:

Overall percentage of files containing sensitive content that are being shared externally
Top data types that are shared
Number of Drive files that contain sensitive content
Number of Drive files with sensitive content that are shared externally
Percentage of files with sensitive content that are shared externally for each data type

The report also contains suggestions for acting on data

Who can view the data protection insight reports?

These reports are targeted for consumption for the customers who use Google Drive to store data. Customer administrators must have admin privileges to view Admin consoleSecurityAccess and data controlData Protection in order to view these reports.

Learn more about how Google keeps your data private and secure.

How are the data protection insights reports created?

How are reports generated?

Reports are generated based on the regular scans of Drive files. The contents of the file can change since the last scan took effect.

Google periodically performs proactive DLP scans for all Drive files based on a set of detectors to help you detect sensitive data. A set of 50 common detectors is used for detection of sensitive documents to generate the report. Each admin receives a custom quarterly report based on the data in their environment. The detectors used are listed below in Common detectors used to create the Data protection insights report. Go to How to use predefined content detectors for a complete list of detectors.

Reports may have some false positives. While the detectors attempt to leverage the highest available likelihood threshold, there can be instances where detection may be limited based on the files in your applications.

How are externally shared files determined for this report?

Doc sharing that is detected and reported in the insights report for Drive DLP:

Sharing through an invite or email to a non-Google account
Sharing through a link that anyone on the web can open
Sharing to an individual’s Google account
Sharing to Google groups.
Sharing from My Drive and Shared drive
- In My Drive, DLP detects the sharing of individual files and the sharing of the parent folder for those files.
- In a Shared drive, DLP detects the sharing of individual files individually and the sharing of the root folder on a Shared drive.

For details on controlling how users in your organization share Google Drive files and folders, go to Set Drive user’s sharing permissions.

What can I do after viewing the insight report?

The insights report doesn't include details on every individual file flagged in the report at this time. The administrator can configure DLP rules to find details on sensitive files that are shared externally. See Create DLP for Drive rules and custom content detectors for details on creating new rules.

For the rest of the Google Workspace editions, the administrator can consider using Drive user sharing permissions to control file sharing. For details on controlling how users in your organization share Google Drive files and folders, go to Set Drive user’s sharing permissions.

How is the insight report related to recommended rules?

DLP recommends rules based on the results of the Data protection insights report. For example, if the report lists passport numbers as a shared data type in your organization, DLP recommends a rule to prevent the sharing of passport numbers.

You receive rule recommendations only if you have the Data protection insights report turned on. Go to Prevent data leaks with Data protection recommended rules for details.

View the Data Protection Insights report if you are a DLP admin

Before you begin, sign in to your super administrator account or a delegated admin account with these privileges:

Organizational unit administrator privileges.
Groups administrator privileges.
View DLP rule and Manage DLP rule privileges. Note that you must enable both View and Manage permissions to have complete access for creating and editing rules. We recommend you create a custom role that has both privileges.
View Metadata and Attributes privileges (required for the use of the investigation tool only): Security CenterInvestigation ToolRuleView Metadata and Attributes.

Learn more about administrator privileges and creating custom administrator roles.

Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).

Super admins can view the report, change the report on or off setting, and contact sales. Admins with only the View DLP rule privileges can only view the report.
In the Admin console, go to Menu SecurityAccess and data controlData protection.
View the quarterly report. The report is display-only, and cannot be configured or modified.

Turn off or turn on the Data protection insights report

The report is available by default. Super admins can view the report, and turn it on or off. Delegated admins with the View DLP Rule privilege can view the report, but cannot turn it on or off.

You can turn off proactive scans of Drive files and reports if desired.

Learn more about administrator privileges and creating custom administrator roles.

Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
In the Admin console, go to Menu SecurityAccess and data controlData protection.
Under Data protection insights setting, select Off.
Click Save. The reports are now turned off. You can turn it back on by navigating to Data protection insights setting and selecting On. If you turn the report back on, it will display sensitive data information from the beginning of the next quarter.

View the Data protection insights report if you are not a DLP admin

If you are an admin and have Enterprise or G Suite Business , you will receive an email prompting you to view the quarterly Data Protection Insights report for the current quarter. Click View Report in the email.
Super admins can view the report, change the report on or off setting, and contact sales. Admins with only the View DLP rule privileges can view the report, but not turn it off or on or contact sales.
On the DLP Home page, you see the report, which lists the number of Drive files with sensitive content for top data types.
If you have the G Suite Business edition, and would like to use DLP data protection features, you’ll need to upgrade your edition. Click Yes, Contact Me to learn about this upgrade.

Common detectors used to create the Data protection insights report

Fifty common detectors that are used to create the Data protection insights report

Go to How to use predefined content detectors for a complete list of detectors with descriptions for each detector.

Detector names	Region
Driver’s License Number Employer Identification number (EIN> National Provider Identifier (NPI) Individual Taxpayer Identification Number (ITIN) Passport Social Security Number (SSN) Committee on Uniform Security Identification Procedures (CUSIP) Food and Drug Administration (FDA) Approved Prescription Drugs American Bankers Association (ABA) Routing Number Drug Enforcement Administration (DEA) Number	United States
Medicare Account Number Tax File Number (TFN)	Australia
Cadastro de Pessoas Físicas (CPF) number	Brazil
British Columbia Personal Health Number (PHN) Ontario Health Insurance Plan (OHIP) Passport Quebec Health Insurance Number (HIN) Social Insurance Number (SIN)	Canada
Passport	China
Carte Nationale d’Identité Sécurisée (CNI) - national identity card Numéro d'Inscription au Répertoire (NIR) - Social Security Number Passport	France
Passport	Germany
Personal Permanent Account Number (PAN)	India
Driver’s License Number Individual Number Passport	Japan
Clave Única de Registro de Población (CURP) - national identification number Passport	Mexico
Burgerservicenummer (BSN) - national identification number Passport	Netherlands
Número de Identificación Fiscal (NIF) Number Número de Identificación de Extranjeros (NIE) Number Driver’s License Number Passport	Spain
Driver’s License Number National Health Service (NHS) Number National Insurance Number (NINO) Taxpayer Identification Number - Unique Taxpayer Reference (UTR) Passport	United Kingdom
Credit card number Email address Gender identity Bank account number (IBAN) - International Bank Account Number ICD 10-CM Lexicon ICD 9-CM Lexicon International Mobile Equipment Identity (IMEI) - hardware identifier IP address Phone number Bank account number (SWIFT)	Global

Related information

Thông tin này có hữu ích không?

Chúng tôi có thể cải thiện trang này bằng cách nào?