Cloud Data Loss Prevention (Cloud DLP) is now a part of Sensitive Data Protection. The API name remains the same: Cloud Data Loss Prevention API (DLP API). For information about the services that make up Sensitive Data Protection, see Sensitive Data Protection overview.

Manage infoTypes through the Google Cloud console

This page describes how to add and edit infoTypes in your inspection configuration through the Google Cloud console.

When you use Sensitive Data Protection to inspect or profile data, you use an inspection configuration to specify the information types (infoTypes) that you want to scan for. The following Sensitive Data Protection operations in the Google Cloud console let you set your inspection configuration:

These operations in the Google Cloud console have an InfoTypes section, where you can select infoTypes, edit the settings of built-in infoTypes, and add custom infoTypes. The step that contains the InfoTypes section differs depending on the operation that you're performing. The following table shows the relevant workflow step for each operation.

Operation	Relevant step
Creating an inspection template	Configure detection
Creating an inspection job or job trigger	Configure detection
Creating a discovery scan configuration	Select inspection template

Select built-in infoTypes

In the InfoTypes section, click Manage infoTypes.
To narrow the selection of infoTypes, apply filters in the Filter field. Select a property name to filter on and enter a property value. For example, to filter for all infoTypes related to Australia, set the property name to Location. For the property value, select or type Australia.

If you know the infoType name, you can also type it directly in the Filter field.
To view all category tags for an infoType, click Toggle full cell content for that infoType.
To hide or unhide columns, click Column display options, and select the names of the columns that you want to display.
Select the infoTypes that you want to include in your inspection configuration.
Click Done.

Edit the settings of a built-in infoType

As you set the infoTypes that you want to include in your inspection configuration, you can additionally edit the settings of one or more of those infoTypes. You can edit the sensitivity level and, for some infoTypes, the infoType version.

Select the built-in infoTypes that you want to include in your inspection configuration, including the infoTypes that you don't need to edit. Don't click Done.
Click Edit selected infoTypes.
For each infoType that you want to edit, use the drop-down lists to select a sensitivity level or a detector version.
Click Confirm.
Click Done.

Add custom infoTypes

This section describes how to add a custom infoType based on an underlying set of data. The underlying data can be any of the following:

A list of words or phrases that you provide inline in the inspection configuration.
A list of words or phrases that you store in a text file in Cloud Storage.
A large list of words or phrases that you store in a large text file in Cloud Storage or a column in BigQuery.

For this type, you must first create a stored infoType that points to the large custom dictionary, before performing this task.
A regular expression that you provide inline in the inspection configuration.

Whether you can reuse the new custom infoType depends on which operation you were performing when you created the custom infoType:

If you create a custom infoType while creating an inspection job or job trigger, the custom infoType is available to only that job or job trigger.
If you create a custom infoType while creating an inspection template, the custom infoType is available to any operation that uses the inspection template.
If you create a custom infoType while configuring profiling, Sensitive Data Protection creates a new inspection template from your inspection configuration. The custom infoType is available to any operation that uses that new inspection template.

For more information about custom infoTypes, see Custom infoType detectors.

To add a custom infoType detector, do the following:

In the InfoTypes section, click Manage infoTypes.
On the Custom tab, click Add custom infoType.
For Type, choose the type of custom infoType detector that you want to create:
- Words or phrases: Matches on one or more words or phrases that you enter into the field. You can enter up to 128 KB of data, which equates to thousands of entries.
  
  When you select this type, the List of words or phrases field appears. Enter the word or phrase that you want Sensitive Data Protection to match on. To match on multiple words or phrases, press Enter after each entry. For more information, see Creating a regular custom dictionary detector.
- Dictionary path: Matches on words or phrases that you store in a text file in Cloud Storage. Use this custom infoType when you have hundreds of thousands of words or phrases to search for. This approach is also useful if your list contains sensitive terms and you don't want to store them inline in the inspection configuration.
  
  When you select this type, the Dictionary location field appears. Enter or browse to the Cloud Storage path where the dictionary file is stored. For more information, see Creating a regular custom dictionary detector.
- Regex: Matches content based on a regular expression.
  
  When you select this type, the Regex field appears. Enter a regular expression pattern to match words and phrases. For more information, see the supported regular expression syntax.
- Stored infoType: Matches on words or phrases that you store in a large text file in Cloud Storage or a single column in BigQuery.
  
  This option adds a large custom dictionary detector. Use this kind of custom infoType if you have millions of words or phrases to search for.
  
  For this type, you must have already created a stored infoType that points to the underlying large custom dictionary.
  
  When you select this type, the Stored infoType name field appears. Enter the full resource name of the stored infoType.
For InfoType, enter a name for the custom infoType to be created.

If you're creating a custom infoType that is of type Stored infoType, enter a name that is different from the name of the underlying stored infoType.
For Likelihood, select the default likelihood level that you want to assign to all findings that match this custom infoType. You can further fine-tune the likelihood level of individual findings by using hotword rules. If you don't specify a default value, the default likelihood level is set to VERY_LIKELY. For more information, see Match likelihood.
For Sensitivity, select the sensitivity level that you want to assign to all findings that match this custom infoType. If you don't specify a value, the sensitivity levels of those findings are set to HIGH.

Sensitivity scores are used in data profiles. When profiling your data, Sensitive Data Protection uses the sensitivity scores of the infoTypes to calculate the sensitivity level.
Click Done.
Optional: To add another custom infoType, click Add custom infoType again.
Click Done.

What's next

Refer to a list of built-in infoType detectors.
Learn more about custom infoType detectors.
Learn how to create a regular custom dictionary detector through the DLP API.
Learn how to create a large custom dictionary detector through the DLP API.
Learn how to create a custom regular expression detector through the DLP API.