{
	"id": "54ffa98d-f563-403b-8c0c-5bc97ca8beb2",
	"created_at": "2026-04-06T00:17:32.61107Z",
	"updated_at": "2026-04-10T03:19:56.178147Z",
	"deleted_at": null,
	"sha1_hash": "6e9e9d31869cc66cd8d3be5691be028997fcc06d",
	"title": "About DLP",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 73849,
	"plain_text": "About DLP\r\nArchived: 2026-04-05 17:24:40 UTC\r\nSupported editions for this feature: Frontline Standard and Frontline Plus; Enterprise Standard and Enterprise\r\nPlus; Education Fundamentals, Education Standard, and Education Plus; Enterprise Essentials Plus. Compare\r\nyour edition\r\nDrive DLP and Chat DLP are also available to Cloud Identity Premium users who also have a Google Workspace\r\nlicense (Enterprise, Business, or Education editions).\r\nDLP rules\r\nUsing data loss prevention (DLP), you can create and apply rules to control the content that users can share in files\r\noutside the organization. DLP gives you control over what users can share, and prevents unintended exposure of\r\nsensitive information such as credit card numbers or identity numbers.\r\nDLP rules trigger scans of files for sensitive content, and prevents users from sharing that content. Rules\r\ndetermine the nature of DLP incidents, and incidents trigger actions, such as the blocking of specified content.\r\nYou can allow controlled sharing for members of a domain, organizational unit, or group.\r\nSummary of DLP flow:\r\nYou define DLP rules. These rules define which content is sensitive and should be protected. DLP rules\r\napply to both My Drive and Shared drives.\r\nDLP scans content for DLP rule violations that trigger DLP incidents.\r\nDLP enforces the rules you defined and violations trigger actions, such as alerts.\r\nYou are alerted to DLP rule violations.\r\nFor details on:\r\nDrive DLP, go to Create DLP for Drive rules and custom content detectors.\r\nChat DLP, go to Prevent data leaks from Chat messages and attachments.\r\nUse an audit-only rule to test new DLP rules\r\nYou can test DLP rules by creating rules that don't have an optional action, such as blocking or warning users. If\r\nthese rules are triggered, data related to the incident is written to the Rule log events. 
For details, go to Step 1:\r\nPlan your rules at Create DLP for Drive rules and custom content detectors.\r\nDLP sample use cases\r\nYou can use DLP to:\r\nhttps://support.google.com/a/answer/9646351\r\nPage 1 of 4\n\nAudit the usage of sensitive content in Drive that your users may have already shared to gather information\r\non sensitive files uploaded by users.\r\nDirectly warn end users not to share sensitive content outside of the domain.\r\nPrevent sharing of sensitive data (such as a Social Security Number) with external users.\r\nAlert administrators or others about policy violations or DLP incidents.\r\nInvestigate details of an incident with information on the policy violation.\r\nDLP features\r\nThe following table describes the DLP features:\r\nDLP Features Details\r\nAuthor DLP rules with\r\nscope, condition, and\r\nactions\r\nScope\r\nAuthor policies based on organizational units or groups\r\nOrganizational unit and group inclusion and exclusion - define policy\r\nbased on organizational units in the environment. The rule scans files\r\nowned by users in the selected organizations or groups. See also DLP for\r\nDrive FAQ.\r\nConditions\r\nContents of scanned files or content\r\nRule templates\r\nReusable content detectors\r\nKeyword and word lists\r\nRegular expressions (Regex)\r\nPredefined detectors to allow inspection on numerous content types. Go to\r\nHow to use predefined content detectors for details.\r\nNested conditions. Go to DLP for Drive rule nested condition operator\r\nexamples for details.\r\nSet detection confidence threshold levels\r\nExtended match count\r\nActions\r\nSet alert and notification rules\r\nBlock externally shared links\r\nWarn end users\r\nAudit Drive file content violations\r\nIncident Management\r\nSends an alert summary to DLP administrators to enable quick detection of\r\nDLP incidents and validation of false positives. 
Go to View alert details for\r\ndetails.\r\nYou receive a DLP alert in the alert center when a DLP rule is triggered.\r\nFrom the Admin console Home page, go to Security and then Alert\r\ncenter. Go to View alert details for details.\r\nReporting and investigation dashboard for policy violations (DLP incidents\r\nand Top Policy Incidents). Go to About the security dashboard for details.\r\nRule investigation\r\nFor rule investigation, use the security investigation tool. Go to About the\r\nsecurity investigation tool for details.\r\nYou must have the privilege Security Center and then Investigation\r\nTool and then Rule and then View Metadata and Attributes to\r\naccess the investigation tool.\r\nUse the Investigation tool to identify, triage, and take action on security\r\nand privacy issues in your domain.\r\nAdmin privileges\r\nView DLP Rules—Allows delegated administrators to view DLP rules\r\nManage DLP Rules—Allows delegated administrators to create, edit and\r\ninvestigate DLP rules.\r\nNote that you must enable both View and Manage permissions to have complete\r\naccess for creating and editing rules.\r\nFor the investigation tool only: Security Center and then Investigation Tool\r\nand then Rule and then View Metadata and Attributes.\r\nApplications and file types scanned by DLP\r\nScanned applications\r\nApplications scanned include:\r\nGoogle Sheets\r\nGoogle Docs\r\nGoogle Slides\r\nGoogle Forms—The following content is scanned:\r\nFiles submitted in response to file upload questions. 
Responders might be warned or blocked from\r\nsubmitting their responses if they attempt to upload sensitive content.\r\nForm content (questions and options).\r\nGoogle Vids\r\nContent that isn't scanned by DLP:\r\nComments in Docs, Sheets, Slides, and Google Drawings\r\nComment email notifications\r\nSites content\r\nForms responses (other than file uploads)\r\nScanned file types\r\nFile types scanned for content include:\r\nDocument file types: .doc, .docx, .html, .pdf, .ppt, .pptx, .txt, .wpd, .xls, .xlsx, .xml\r\nImage file types: .bmp, .eps, .fif, .gif, .img_for_ocr, .jpeg, .png, .ps, .tif\r\nCompressed file types: .bzip, .gzip, .rar, .tar, .zip\r\nCustom file types: .hwp, .kml, .kmz, .sdc, .sdd, .sdw, .sxc, .sxi, .sxw, .ttf, .wml, .xps\r\nVideo and audio file types are not scanned.\r\nNote: The actual scanned files can differ by application. For example, for the file types that DLP for Drive\r\nsupports, go to What content is scanned in each Drive file?\r\nAdministrator requirements\r\nTo create and set DLP rules and content detectors, you must be a super administrator or a delegated admin with\r\nthese privileges:\r\nLearn more about administrator privileges and creating custom administrator roles.\r\nCreate DLP for Drive rules and custom content detectors\r\nDLP for Drive rule nested condition operator examples\r\nView DLP for Drive dashboard incidents, alerts, and audit events\r\nView DLP content and rule size limits\r\nDLP for Drive FAQ\r\nRule log events\r\nHow to use predefined content detectors\r\nSource: https://support.google.com/a/answer/9646351",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://support.google.com/a/answer/9646351"
	],
	"report_names": [
		"9646351"
	],
	"threat_actors": [],
	"ts_created_at": 1775434652,
	"ts_updated_at": 1775791196,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6e9e9d31869cc66cd8d3be5691be028997fcc06d.pdf",
		"text": "https://archive.orkl.eu/6e9e9d31869cc66cd8d3be5691be028997fcc06d.txt",
		"img": "https://archive.orkl.eu/6e9e9d31869cc66cd8d3be5691be028997fcc06d.jpg"
	}
}