Cloud DLP release notes

Stay organized with collections Save and categorize content based on your preferences.

This page documents production updates to Cloud Data Loss Prevention. You can periodically check this page for announcements about new or updated features, known issues, and deprecated functionality.

For a list of known issues for Cloud DLP, see Known issues.

Current version: v2

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly:

August 29, 2022

The PERSON_NAME infoType detection model that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType.

To use the new model, leave InfoType.version unset, or set it to latest or stable. To use the old detection model, set InfoType.version to legacy. You can continue to use the legacy model for 90 days.

August 01, 2022

Cloud DLP can de-identify sensitive data stored in Cloud Storage. This feature is in generally available. For more information, see De-identification of sensitive data in storage.

July 19, 2022

A new detection model is available for the PERSON_NAME infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version to latest when including the PERSON_NAME infoType in your InspectConfig.

You can still use the old model by setting InfoType.version to stable or leaving it unset when using the PERSON_NAME infoType. In 30 days, the new model will be promoted to stable.

July 06, 2022

InfoType categories were added to built-in infoTypes.

To get a list of built-in infoTypes, call the infoTypes.list method.

June 08, 2022

The LOCATION_COORDINATES infoType detector is available in all regions.

April 14, 2022

The data profiler for BigQuery is generally available (GA). The data profiler is a fully-managed service that continuously scans data across your entire organization to give you general awareness of what data you have, and specific visibility into where sensitive data is stored and processed. For more information, see Data profiles for BigQuery data.

January 18, 2022

The SOUTH_AFRICA_ID_NUMBER infoType detector is available in all regions.

December 13, 2021

The ICCID_NUMBER infoType detector is available in all regions.

October 18, 2021

The IMSI_ID infoType detector is available in all regions.

October 12, 2021

The data profiler for BigQuery is available in Preview. For more information, see Data profiles for BigQuery data.

June 02, 2021

MEDICAL_TERM infoType detector is now available in all regions.

January 06, 2021

Hybrid Jobs are now available for inspecting external data sources.

December 07, 2020

Added whole document classification support with the following infoType detectors:


November 11, 2020

PERSON_NAME, FIRST_NAME, LAST_NAME, MALE_NAME and FEMALE_NAME infoType detectors are now available in all regions.

October 28, 2020

DATE and TIME infoType detectors are now available in all regions.

September 08, 2020

STREET_ADDRESS infoType detector is now available in all regions.

August 28, 2020

Risk analysis job creation is now available in the Cloud DLP UI in Cloud Console.

Added additional infoType detectors:


July 15, 2020

Added infoType detector:


June 19, 2020

Added support for location-based processing. Learn more:

June 15, 2020

Added infoType detector:


May 21, 2020

Added additional infoType detectors:


May 16, 2020

Added infoType detectors:


May 04, 2020

We have made quality and performance enhancements to our name detectors. PERSON_NAME should be used in most scenarios as it will return the most comprehensive finding. MALE_NAME and FEMALE_NAME are now synonymous with FIRST_NAME with Likelihood now never being greater than POSSIBLE. These changes will be rolled out over the coming days.

April 28, 2020

Added additional infoType detector:


April 16, 2020

Added support for PDF and WORD FileTypes and PDF and WORD_DOCUMENT BytesTypes.

April 13, 2020

Added additional infoType detectors:


April 08, 2020

Added additional infoType detectors:


March 16, 2020

Added support for streaming data from external sources for inspection using hybrid jobs and job triggers. Hybrid jobs and job triggers in Cloud DLP enable you to stream data from virtually any source, whether on- or off-cloud, inspect it using Cloud DLP, and then save the results of the inspection scan as part of a job resource within Cloud DLP or to BigQuery.

March 01, 2020

Regex, WordList, and small Dictionary objects can now be loaded from metadata stored in Cloud Spanner using CustomInfoType.Regex or CustomInfoType.Dictionary. Doing this can be useful when sharing regexes or dictionaries for custom infoType inspection across multiple requests.

January 09, 2020

Added additional infoType detectors:


December 10, 2019

Added additional infoType detectors:


November 08, 2019

Added additional infoType detectors:


The summary of a DlpJob findings can be published to Stackdriver using the new action PublishToStackdriver. Metrics on bytes inspected and transformed are automatically published for monitoring usage. For more information, see Monitoring with Stackdriver.

The pricing model for content methods has changed from "units" to a simpler model based just on bytes. For more information, see Pricing.

October 10, 2019

Added additional infoType detectors:


September 13, 2019

Added additional infoType detector:


August 26, 2019

The Cloud DLP user interface (UI) is now generally available (GA) in the Google Cloud Platform Console.

August 15, 2019

Added additional infoType detector:


August 05, 2019

Added additional infoType detector:


July 09, 2019

Added additional infoType detectors:


June 28, 2019

Added additional infoType detector:


June 12, 2019

New simplified SKU for scanning of data in storage. Updated Pricing.

Support for structured scanning of Avro files, surfacing findings as rows and columns rather than byte offsets. Existing jobs will begin scanning Avro files as structured.

May 31, 2019

Added support for CustomInfoTypes and DetectionRules to the Cloud DLP Beta UI in the Google Cloud Platform Console.

April 18, 2019

Added additional infoType detectors:


April 04, 2019

Added additional infoType detectors:


March 29, 2019

Added new crypto-based tokenization method: CryptoDeterministicConfig. For more information, see Transformations Reference.

March 08, 2019

Added new Cloud DLP Beta UI in the Google Cloud Platform Console.

February 11, 2019

Clarified the documentation as to what behavior users can expect for the ALL_BASIC.

Updated the default list of infotypes included in ALL_BASIC.

December 12, 2018

De-identification requests using CryptoReplaceFfxFpeConfig now correctly validate the alphabet of the value being transformed to match the transformations alphabet, now correctly rejecting values with whitespace, when whitespace is not part of the alphabet. Invalid requests will return an error in the TransformationSummary with the message "CryptoReplaceFfxFpeConfig's 'alphabet' does not include all the characters in the value being transformed; the set of distinct characters in any given value being transformed by this transformation must be a subset of the set of characters comprising the 'alphabet'."

October 25, 2018

Added an additional infoType detector:


October 02, 2018

Added support to Cloud Storage FileSet for using regular expression filters to specify which files to include or exclude from the scan. This is useful for cases where the set of files to scan cannot be concisely expressed with a path and wildcards, such as:

  • Scan all files, but skip some specific files or folders that you are confident have no sensitive data.
  • Scan only files whose endings are in some known set of file extensions - for example, only .txt, .csv, and .json files.
  • Scan only files whose endings aren't in some known set of extensions - for example, skip .pdf files.

September 19, 2018

Added support for augmenting existing infoType detectors using exclusion rules and hotword rules.

August 24, 2018

Added an additional infoType detector:


August 17, 2018

Added additional infoType detectors:

  • DATE
  • TIME

August 10, 2018

Added support for large custom dictionaries. Cloud DLP can now scan for dictionaries containing up to tens of millions of entries.

Added support to CloudStorageOptions for limiting the number of bytes to scan per file by percentage.

Added support to BigQueryOptions for limiting the number of rows to scan per file by percentage.

June 01, 2018

Added support for delta-presence estimation, a risk metric used when membership in the dataset is itself a piece of sensitive information.

May 18, 2018

Added sample_method flag to BigQueryOptions and CloudStorageOptions for limiting scans to a sample of content. This is useful to more efficiently scan large datasets where the intent is to only determine whether sensitive data may be located there and the exhaustive list of findings is not necessary.

April 25, 2018

Added row_limit flag to BigQueryOptions to allow for sampling tables instead of scanning all rows.

Dictionaries can now be loaded from files stored in Cloud Storage that consist of newline-delimited lists of phrases using the cloud_storage_path parameter in CustomInfoType.Dictionary. Useful when sharing dictionaries for custom inspection across multiple requests.

For customers using Cloud Security Command Center, the summary of a DlpJob can be published to Cloud SCC using the new action PublishSummaryToCscc.

March 21, 2018

Cloud Data Loss Prevention (DLP) General Availability (GA) Release

Launched the new V2 version of the API.

The jobs.create method has been added to replace dataSource.analyze and dataSource.inspect.

The ContentItem object has been simplified with a BytesType enum to specify the type of data to inspect.

The Finding object has been expanded with a new ContentLocation to better report findings from various data types (including images, records, and documents).

InfoTypeStatistics object has been renamed to InfoTypeStats.

The v2beta1 and v2beta2 APIs are now deprecated.

February 16, 2018

Newly added JobTriggers allow for scheduling regular scans of storage. Combined with the new TimespanConfig, scans can be limited to only re-scanning new or modified content in BigQuery and Cloud Storage.

Added support for regular expression-based custom detectors.

Added support for choosing a default likelihood for CustomInfoType detectors and for adjusting likelihood using a new DetectionRule, which looks for related content within the vicinity of a finding.

Job completion notifications for both risk analysis and inspection can now be sent to Cloud Pub/Sub.

December 14, 2017

Launched the new v2beta2 version of the API, which includes a number of new and improved features, including templates for persisting de-identification and inspect configurations, a simplified job API for inspecting storage and risk analysis, and more.

Tips for migrating:

  • Content API methods now take a single ContentItem.
  • InspectConfig now has a default likelihood, so when left unset findings below POSSIBLE will be excluded automatically.
  • Findings from inspect storage are now always stored in your own BigQuery instance, giving you more control of where your sensitive data is stored.
  • content.redact, was deprecated in favor of using content.deidentify, for redacting text, and image.redact, for redacting images.
  • InspectConfig now requires at least one InfoType or CustomInfoType.
  • Long running operations were replaced by DlpJob objects for risk analysis and storage inspection. inspect.operations.create was renamed to dataSource.inspect.

November 22, 2017

Added a new risk analysis metric, k-map estimation, to dataSource.analyze.

October 20, 2017

Launched support for searching for words or phrases from a custom dictionary provided by the user with the addition of CustomInfoType to InspectConfig. This feature is enabled in content.inspect, content.redact, content.deidentify, and inspect.operations.create.

September 15, 2017

Launched support to de-identify content with the addition of content.deidentify.

Launched support to conduct risk analysis on BigQuery with the addition of dataSource.analyze.

August 17, 2017

Added support to limit the number of findings per InfoType with the addition of InfoTypeLimit in InspectConfig.

Added support to limit the number of findings per file, Cloud Datastore entity, or database row with the addition of OperationConfig to inspect.operations.create.

August 10, 2017

Added support for scanning and redacting structured data in both content.redact and content.inspect by providing a Table in ContentItem.

August 03, 2017

BigQuery can now be scanned using inspect.operations.create.

Results can now be stored to BigQuery when scanning BigQuery, Cloud Datastore, and Cloud Storage using inspect.operations.create.

June 15, 2017

Added support for auto-redacting all text from images. You can now also choose custom colors when using content.redact to fill the bounding boxes during image redaction.

May 11, 2017

Launched support to filter findings by infoType and likelihood when using inspect.results.list.

May 01, 2017

You can now store results from scanning Cloud Datastore or Cloud Storage using inspect.operations.create. Results are stored in Cloud Storage.

March 23, 2017

Added support for auto-redacting findings in images. You can now use content.redact to fill the bounding box of a finding with a solid color.

March 09, 2017

Launch of Cloud DLP API to Beta. Cloud DLP API enables developers and data owners to better understand and manage sensitive data by providing a fast, scalable classification for sensitive elements. Scan small text streams and images or larger datasets in Cloud Storage and Cloud Datastore. The Cloud DLP API is currently available as a REST API.