This page documents production updates to Sensitive Data Protection. You can periodically check this page for announcements about new or updated features, known issues, and deprecated functionality.
For a list of known issues for Sensitive Data Protection, see Known issues.
Current version: v2
You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.
October 28, 2024
The ITALY_PASSPORT
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
October 25, 2024
The PARAGUAY_TAX_NUMBER
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
The sensitive data discovery service can now detect the presence of secrets, such as passwords and authentication tokens, in your Cloud Run service revision environment variables. Sensitive Data Protection sends any findings to Security Command Center as vulnerability findings. For more information, see Report secrets in environment variables to Security Command Center.
October 11, 2024
The KOREA_DRIVERS_LICENSE_NUMBER
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
October 10, 2024
The INDONESIA_PASSPORT
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
October 01, 2024
The current default LOCATION
infoType detection model, which is accessible when InfoType.version
is set to latest
or stable
, is now also used when InfoType.version
is set to legacy
.
The old detection model that was previously accessible by setting InfoType.version
to legacy
is no longer accessible.
The region restriction on the LOCATION
infoType has been lifted. It is now available in all regions.
September 30, 2024
The FINLAND_BUSINESS_ID
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
September 17, 2024
The POLITICAL_TERM
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
The NEW_ZEALAND_NHI_NUMBER
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
September 11, 2024
The discovery service of Sensitive Data Protection now supports Amazon S3. You can run discovery to generate data profiles of your S3 buckets. Data profiles provide metrics and insights about the sensitivity and risk levels of your data to help you plan your data governance workflows.
This feature is available only to Security Command Center Enterprise customers. To use this feature, you need an AWS connector in Security Command Center that has Sensitive Data Protection enabled.
To get started on profiling Amazon S3 data, see the following:
- Connect to AWS for vulnerability detection and risk assessment
- Sensitive data discovery for Amazon S3
- Profile Amazon S3 data
For more information about sensitive data discovery, see Data profiles.
September 10, 2024
The DOD_ID_NUMBER
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
September 06, 2024
The SEXUAL_ORIENTATION
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
August 27, 2024
Regional endpoints are available for Sensitive Data Protection. Regional endpoints help you meet data residency requirements by keeping data at rest, in use, and in transit within your specified region. For more information, see Global and regional endpoints for Sensitive Data Protection.
Regional endpoints for Sensitive Data Protection are available in the following regions:
australia-southeast1
asia-east1
asia-east2
asia-northeast1
asia-northeast3
asia-south1
asia-south2
asia-southeast1
asia-southeast2
europe-central2
europe-north1
europe-southwest1
europe-west1
europe-west2
europe-west3
europe-west4
europe-west6
europe-west8
europe-west9
me-central1
me-central2
me-west1
southamerica-east1
southamerica-west1
northamerica-northeast1
northamerica-northeast2
us-central1
us-east1
us-east4
us-east5
us-south1
us-west1
us-west2
us-west3
us-west4
August 15, 2024
The PHONE_NUMBER
infoType functionality that was previously only accessible by setting InfoType.version
to latest
has been promoted to be the default detection model for this infoType. The new model includes US_TOLLFREE_PHONE_NUMBER
findings as type PHONE_NUMBER
in the scan results.
To enable the new functionality, leave InfoType.version
unset, or set it to latest
or stable
. To use the old functionality, set InfoType.version
to legacy
. You can continue to use the legacy functionality for 90 days.
August 05, 2024
The ORGANIZATION_NAME
infoType detection model that was previously only accessible by setting InfoType.version
to latest
has been promoted to be the default detection model for this infoType. The new model offers improved detection quality.
To use the new model, leave InfoType.version
unset, or set it to latest
or stable
. To use the old detection model, set InfoType.version
to legacy
. You can continue to use the legacy model for 90 days.
The STREET_ADDRESS
infoType detection model that was previously only accessible by setting InfoType.version
to latest
has been promoted to be the default detection model for this infoType. The new model offers improved detection quality.
To use the new model, leave InfoType.version
unset, or set it to latest
or stable
. To use the old detection model, set InfoType.version
to legacy
. You can continue to use the legacy model for 90 days.
July 31, 2024
The DATE_OF_BIRTH
infoType detection model that was previously only accessible by setting InfoType.version
to latest
has been promoted to be the default detection model for this infoType. The new model offers improved detection quality.
To use the new model, leave InfoType.version
unset, or set it to latest
or stable
. To use the old detection model, set InfoType.version
to legacy
. You can continue to use the legacy model for 90 days.
July 25, 2024
Sensitive Data Protection can now apply tags to your profiled resources based on their calculated data sensitivity. Using these tags, you can configure IAM conditions that automatically grant or deny IAM access to resources based on the sensitivity of the data in those resources.
For more information, see Control IAM access to resources based on data sensitivity.
July 17, 2024
The ARMENIA_PASSPORT
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
July 01, 2024
The BELARUS_PASSPORT
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
June 28, 2024
Terraform support
You can now use Terraform to create and manage scan configurations. Terraform management of discovery scan configurations is supported for BigQuery data, Cloud SQL data, and secrets in Cloud Functions environment variables. For a detailed reference document about Terraform resources, see data_loss_prevention_discovery_config in the Terraform documentation.
June 27, 2024
The INDIA_PASSPORT
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
If you set InfoType.version
to latest
when including the PHONE_NUMBER
infoType in your InspectConfig
, Sensitive Data Protection will now include US_TOLLFREE_PHONE_NUMBER
findings as type PHONE_NUMBER
in the scan results.
You can still use the old functionality by setting InfoType.version
to stable
or leaving it unset when using the PHONE_NUMBER
infoType. In 30 days, the new functionality will be promoted to stable
.
June 24, 2024
The RELIGIOUS_TERM
infoType detector is available in Preview in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
A new detection model is available for the ORGANIZATION_NAME
infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version
to latest
when including the ORGANIZATION_NAME
infoType in your InspectConfig
.
You can still use the old model by setting InfoType.version
to stable
or leaving it unset when using the ORGANIZATION_NAME
infoType. In 30 days, the new model will be promoted to stable
.
June 21, 2024
The discovery service of Sensitive Data Protection now supports Cloud Storage. You can run discovery at the organization, folder, or project level to generate data profiles of your Cloud Storage buckets. Data profiles provide metrics and insights about the sensitivity and risk levels of your data to help you plan your data governance workflows.
To get started on profiling Cloud Storage data, see the following:
- Profile Cloud Storage data in a single project
- Profile Cloud Storage data in an organization or folder
For more information about sensitive data discovery, see Data profiles.
June 14, 2024
The AZERBAIJAN_PASSPORT
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
June 10, 2024
A new detection model is available for the DATE_OF_BIRTH
infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version
to latest
when including the DATE_OF_BIRTH
infoType in your InspectConfig
.
You can still use the old model by setting InfoType.version
to stable
or leaving it unset when using the DATE_OF_BIRTH
infoType. In 30 days, the new model will be promoted to stable
.
June 07, 2024
From May 27 through June 7, 2024, a bug caused Sensitive Data Protection to sometimes inaccurately populate integer fields as null instead of zero for findings written to BigQuery. This bug is now resolved.
For more information about sensitive data inspection, see Inspect Google Cloud storage and databases for sensitive data.
June 06, 2024
The KAZAKHSTAN_PASSPORT
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
May 23, 2024
The TRADE_UNION
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
May 17, 2024
The LOCATION
infoType detection model that was previously only accessible by setting InfoType.version
to latest
has been promoted to be the default detection model for this infoType. The new model offers improved detection quality.
To use the new model, leave InfoType.version
unset, or set it to latest
or stable
. To use the old detection model, set InfoType.version
to legacy
. You can continue to use the legacy model for 90 days.
May 13, 2024
The IMMIGRATION_STATUS
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
The RUSSIA_PASSPORT
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
The UKRAINE_PASSPORT
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
The UZBEKISTAN_PASSPORT
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
April 25, 2024
A new detection model is available for the STREET_ADDRESS
infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version
to latest
when including the STREET_ADDRESS
infoType in your InspectConfig
.
You can still use the old model by setting InfoType.version
to stable
or leaving it unset when using the STREET_ADDRESS
infoType. In 30 days, the new model will be promoted to stable
.
April 02, 2024
If you opted to publish your data profiles to Security Command Center, you can configure Security Command Center to prioritize resources automatically according to the sensitivity of the data that the resources contain. For more information, see Set resource priority values automatically by data sensitivity.
If your discovery scan configuration isn't set to publish data profiles to Security Command Center, see Enable publishing to Security Command Center in an existing configuration.
March 28, 2024
The SWITZERLAND_SOCIAL_SECURITY_NUMBER
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
March 25, 2024
From February 12 through 27, 2024, a bug caused Sensitive Data Protection to inaccurately set the free-text scores of certain data profiles to 0, where they should have been higher. This bug is now resolved. All affected data profiles have been reprofiled.
For more information about the discovery service, see Data profiles.
March 22, 2024
The discovery and inspection services, which support BigQuery, now support tables that contain columns with INTERVAL
, RANGE<DATE>
, RANGE<DATETIME>
, and RANGE<TIMESTAMP>
data types.
For more information about sensitive data discovery, see Data profiles.
For more information about sensitive data inspection for BigQuery, see Inspect a BigQuery table.
March 07, 2024
The discovery service of Sensitive Data Protection now supports Cloud SQL. You can run discovery at the organization, folder, or project level to generate data profiles of your Cloud SQL tables. Data profiles provide metrics and insights about the sensitivity and risk levels of your data to help you plan your data governance workflows.
To get started on profiling Cloud SQL data, see the following:
For more information about sensitive data discovery, see Data profiles.
March 04, 2024
A new detection model is available for the LOCATION
infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version
to latest
when including the LOCATION
infoType in your InspectConfig
.
You can still use the old model by setting InfoType.version
to stable
or leaving it unset when using the LOCATION
infoType. In 30 days, the new model will be promoted to stable
.
February 27, 2024
An improvement was made in the way Sensitive Data Protection calculates the predicted infoType of the data that it profiles. The service now considers correlations between the detected infoTypes, where one infoType is a subset of another. For more information, see Predicted infoType.
For more information about data profiling, see Data profiles.
February 16, 2024
The HTTP_USER_AGENT
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
February 15, 2024
The BLOOD_TYPE
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
February 01, 2024
You can now configure your discovery scans to reprofile data when the inspection template changes. By default, inspection template changes do not cause the affected data to be reprofiled. For more information, see Frequency of data profile generation.
January 31, 2024
Sensitive Data Protection is now available in Johannesburg, South Africa (africa-south1
region).
For more information, see Sensitive Data Protection locations.
January 10, 2024
The FINANCIAL_ACCOUNT_NUMBER
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
November 21, 2023
For BigQuery inspection jobs, when you set a sampling limit based on a percentage of the total number of table
rows
(rowsLimitPercent
),
Sensitive Data Protection can inspect more rows than expected. If you need to
put a hard limit on the number of rows to scan, we recommend setting a maximum
number of rows
(rowsLimit
)
instead.
November 17, 2023
The sensitive data discovery service can now detect the presence of secrets, such as passwords and authentication tokens, in your Cloud Functions environment variables. Sensitive Data Protection sends any findings to Security Command Center as vulnerability findings. For more information, see Report secrets in environment variables to Security Command Center.
November 09, 2023
The following changes were made to the COUNTRY_DEMOGRAPHIC
infoType detector:
- The sensitivity score was changed from
HIGH
toMODERATE
. - The type category was changed from
PII
toDEMOGRAPHIC
.
September 19, 2023
Sensitive Data Protection is available in me-central2
(Dammam). For more information, see Sensitive Data Protection locations.
September 14, 2023
Since August 12, 2023, there has been an increase in latency issues with inspection jobs and data profile generation. These latency issues have been resolved.
July 31, 2023
You can enrich your manually curated metadata in Dataplex with insights gathered from Sensitive Data Protection data profiles. When you export your data profiles to Dataplex, tags are automatically attached to the profiled BigQuery tables. The tags include the following insights:
- Information types (infoTypes) detected in the columns of the table
- Calculated sensitivity level of the table
- Calculated data risk level of the table
For more information, see Tag tables based on insights from data profiles.
July 14, 2023
The PORTUGAL_SOCIAL_SECURITY_NUMBER
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
June 28, 2023
The CROATIA_PERSONAL_ID_NUMBER
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
June 14, 2023
The subscription pricing mode for the discovery service is now generally available. This pricing mode offers predictable and consistent costs, regardless of your data growth. In subscription mode, you choose how much compute time (capacity) to reserve for profiling. There is no charge for bytes profiled in this pricing mode. For more information, see Discovery pricing.
May 22, 2023
The COUNTRY_DEMOGRAPHIC
infoType detector, which identifies when countries are used for place of birth, residency, or citizenship, is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
May 04, 2023
The discovery service can now generate the following observation finding types in Security Command Center:
Data sensitivity
Data risk
These findings provide the calculated sensitivity and data risk levels of the BigQuery tables that you profile. Use this information to inform your response plans when you investigate vulnerabilities and threats involving BigQuery tables.
For more information, see Publish data profiles to Security Command Center.
April 21, 2023
The MARITAL_STATUS
infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
April 17, 2023
You can assign a sensitivity level to a built-in or custom infoType. Cloud DLP uses the sensitivity levels of individual infoTypes to calculate the sensitivity levels of tables that you profile. For more information, see Manage infoTypes through the Google Cloud console.
April 07, 2023
To help you understand and test the discovery service, Cloud DLP has made it easier for you to test profiling on a single table. You can profile up to 25 tables at no additional charge, one at a time. Only tables that are less than or equal to 1 TB in size can be profiled for free. For more information, see Profile a table in test mode.
March 29, 2023
The legacy
version of the STREET_ADDRESS
infoType detection model will stay available until further notice. Previously, this legacy
model was scheduled to be removed on 19 June 2023.
March 21, 2023
The STREET_ADDRESS infoType detection model that was previously only accessible by setting InfoType.version
to latest
has been promoted to be the default detection model for this infoType.
To use the new model, leave InfoType.version
unset, or set it to latest
or stable
. To use the old detection model, set InfoType.version
to legacy
. You can continue to use the legacy model until 19 June 2023 (90 days from the time of this change).
February 23, 2023
Data profiles generated at the column level include the following metrics:
- Estimated null proportion: an approximate proportion of null values in a column, categorized as high, medium, low, or very low.
- Estimated uniqueness: an estimate of how much of the data in a column is unique, categorized as high, medium, or low.
For more information on these metrics, see the Metrics reference.
February 15, 2023
The VAT_NUMBER infoType detector can identify Belgium VAT numbers.
For more information about VAT_NUMBER and other built-in infoType detectors, see InfoType detector reference.
February 06, 2023
To better understand the size and shape of your BigQuery data that's in scope for data profiling, you can run an estimation. Each estimate provides the approximate table count, data size, and profiling cost. For more information on running an estimation, see the following:
- Estimate data profiling cost for an organization or folder
- Estimate data profiling cost for a single project
For more information on data profiling, see Data profiles for BigQuery data.
February 02, 2023
The SSL_CERTIFICATE infoType detector is available in all regions.
January 26, 2023
The PORTUGAL_NIB_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see infoType detector reference.
January 09, 2023
The US_MEDICARE_BENEFICIARY_ID_NUMBER and MEDICAL_RECORD_NUMBER infoType detectors are available in all regions.
December 27, 2022
The current default PERSON_NAME infoType detection model, which is accessible when InfoType.version
is set to latest
or stable
, is now also used when InfoType.version
is set to legacy
.
The old detection model that was previously accessible by setting InfoType.version
to legacy
is no longer accessible.
December 14, 2022
A new detection model is available for the STREET_ADDRESS infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version
to latest
when including the STREET_ADDRESS infoType in your InspectConfig
.
You can still use the old model by setting InfoType.version
to stable
or leaving it unset when using the STREET_ADDRESS infoType. In 30 days, the new model will be promoted to stable
.
December 01, 2022
The NEW_ZEALAND_IRD_NUMBER infoType detector is available in all regions.
The VAT_NUMBER infoType detector is available in all regions. Currently, this detector identifies VAT numbers from France, Germany, Hungary, Indonesia, Italy, and the Netherlands.
For more information about all built-in infoTypes, see InfoType detector reference.
November 07, 2022
The ExcludeByHotword
type was added as a type of ExclusionRule. With this new type, you can do the following:
- Exclude a column from inspect findings if the column name matches a regular expression.
- Exclude a finding from inspect findings if that finding is proximate to a string that matches a regular expression.
Previously, you could do these only by setting up a hotword rule that lowers the likelihood of the matching findings.
For more information on excluding findings, see Exclusion rules.
October 19, 2022
The OAUTH_CLIENT_SECRET infoType detector is available in all regions.
October 13, 2022
For new data profiles, infoTypes other than the predicted infoType will include the approximate percentage of non-null rows in which the infoType was detected.
August 29, 2022
The PERSON_NAME infoType detection model that was previously only accessible by setting InfoType.version
to latest
has been promoted to be the default detection model for this infoType.
To use the new model, leave InfoType.version
unset, or set it to latest
or stable
. To use the old detection model, set InfoType.version
to legacy
. You can continue to use the legacy model for 90 days.
August 19, 2022
Cloud DLP can profile BigLake tables. For more information on using Cloud DLP to profile your data, see Data profiles for BigQuery data.
August 01, 2022
Cloud DLP can de-identify sensitive data stored in Cloud Storage. This feature is in generally available. For more information, see De-identification of sensitive data in storage.
July 19, 2022
A new detection model is available for the PERSON_NAME infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version
to latest
when including the PERSON_NAME infoType in your InspectConfig
.
You can still use the old model by setting InfoType.version
to stable
or leaving it unset when using the PERSON_NAME infoType. In 30 days, the new model will be promoted to stable
.
July 06, 2022
InfoType categories were added to built-in infoTypes.
To get a list of built-in infoTypes, call the infoTypes.list
method.
June 08, 2022
The LOCATION_COORDINATES infoType detector is available in all regions.
April 14, 2022
The data profiler for BigQuery is generally available (GA). The data profiler is a fully-managed service that continuously scans data across your entire organization to give you general awareness of what data you have, and specific visibility into where sensitive data is stored and processed. For more information, see Data profiles for BigQuery data.
January 18, 2022
The SOUTH_AFRICA_ID_NUMBER infoType detector is available in all regions.
December 13, 2021
The ICCID_NUMBER infoType detector is available in all regions.
December 06, 2021
The dictionary replacement PrimitiveTransformation is generally available. The replacement dictionary replaces each detected sensitive value with a random value selected from a provided word list.
October 18, 2021
The IMSI_ID infoType detector is available in all regions.
October 12, 2021
The data profiler for BigQuery is available in Preview. For more information, see Data profiles for BigQuery data.
June 02, 2021
MEDICAL_TERM infoType detector is now available in all regions.
January 06, 2021
Hybrid Jobs are now available for inspecting external data sources.
December 07, 2020
Added whole document classification support with the following infoType detectors:
- DOCUMENT_TYPE/FINANCE/REGULATORY
- DOCUMENT_TYPE/FINANCE/SEC_FILING
- DOCUMENT_TYPE/HR/RESUME
- DOCUMENT_TYPE/LEGAL/BLANK_FORM
- DOCUMENT_TYPE/LEGAL/BRIEF
- DOCUMENT_TYPE/LEGAL/COURT_ORDER
- DOCUMENT_TYPE/LEGAL/LAW
- DOCUMENT_TYPE/LEGAL/PLEADING
- DOCUMENT_TYPE/R&D/PATENT
- DOCUMENT_TYPE/R&D/SOURCE_CODE
- DOCUMENT_TYPE/R&D/SYSTEM_LOG
- DOCUMENT_TYPE/R&D/DATABASE_BACKUP
November 11, 2020
PERSON_NAME, FIRST_NAME, LAST_NAME, MALE_NAME and FEMALE_NAME infoType detectors are now available in all regions.
October 28, 2020
DATE and TIME infoType detectors are now available in all regions.
September 08, 2020
STREET_ADDRESS infoType detector is now available in all regions.
August 28, 2020
Risk analysis job creation is now available in the Cloud DLP UI in Cloud Console.
Added additional infoType detectors:
- STORAGE_SIGNED_URL
- STORAGE_SIGNED_POLICY_DOCUMENT
July 15, 2020
Added infoType detector:
- ISRAEL_IDENTITY_CARD_NUMBER
June 19, 2020
Added support for location-based processing. Learn more:
June 15, 2020
Added infoType detector:
- VEHICLE_IDENTIFICATION_NUMBER
May 21, 2020
Added additional infoType detectors:
- IRELAND_DRIVING_LICENSE_NUMBER
- IRELAND_EIRCODE
May 16, 2020
Added infoType detectors:
AWS_CREDENTIALS
May 04, 2020
We have made quality and performance enhancements to our name detectors. PERSON_NAME should be used in most scenarios as it will return the most comprehensive finding. MALE_NAME and FEMALE_NAME are now synonymous with FIRST_NAME with
Likelihood
now never being greater than POSSIBLE
. These changes will be rolled out over the coming days.
April 28, 2020
Added additional infoType detector:
- JSON_WEB_TOKEN
April 16, 2020
Added support for PDF
and WORD
FileTypes
and PDF
and WORD_DOCUMENT
BytesTypes
.
April 13, 2020
Added additional infoType detectors:
- IRELAND_PPSN
- IRELAND_PASSPORT
April 08, 2020
Added additional infoType detectors:
AZURE_AUTH_TOKEN
GCP_API_KEY
March 16, 2020
Added support for streaming data from external sources for inspection using hybrid jobs and job triggers. Hybrid jobs and job triggers in Cloud DLP enable you to stream data from virtually any source, whether on- or off-cloud, inspect it using Cloud DLP, and then save the results of the inspection scan as part of a job resource within Cloud DLP or to BigQuery.
March 01, 2020
Regex
, WordList
, and small Dictionary
objects can now be loaded from metadata stored in Cloud Spanner using CustomInfoType.Regex
or CustomInfoType.Dictionary
. Doing this can be useful when sharing regexes or dictionaries for custom infoType inspection across multiple requests.
January 09, 2020
Added additional infoType detectors:
GENERIC_ID
December 10, 2019
Added additional infoType detectors:
AUSTRALIA_DRIVERS_LICENSE_NUMBER
FRANCE_TAX_IDENTIFICATION_NUMBER
November 08, 2019
Added additional infoType detectors:
AUTH_TOKEN
BASIC_AUTH_HEADER
ENCRYPTION_KEY
HTTP_COOKIE
PASSWORD
WEAK_PASSWORD_HASH
XSRF_TOKEN
The summary of a DlpJob
findings can be published to Stackdriver using the new action PublishToStackdriver
. Metrics on bytes inspected and transformed are automatically published for monitoring usage. For more information, see Monitoring with Stackdriver.
The pricing model for content methods has changed from "units" to a simpler model based just on bytes. For more information, see Pricing.
October 10, 2019
Added additional infoType detectors:
ADVERTISING_ID
ORGANIZATION_NAME
SPAIN_DNI_NUMBER
September 13, 2019
Added additional infoType detector:
SCOTLAND_COMMUNITY_HEALTH_NUMBER
August 26, 2019
The Cloud DLP user interface (UI) is now generally available (GA) in the Google Cloud Platform Console.
August 15, 2019
Added additional infoType detector:
MEDICAL_TERM
August 05, 2019
Added additional infoType detector:
SPAIN_SOCIAL_SECURITY_NUMBER
July 09, 2019
Added additional infoType detectors:
GERMANY_SCHUFA_ID
CREDIT_CARD_TRACK_NUMBER
ITALY_FISCAL_CODE
June 28, 2019
Added additional infoType detector:
STREET_ADDRESS
June 12, 2019
New simplified SKU for scanning of data in storage. Updated Pricing.
Support for structured scanning of Avro files, surfacing findings as rows and columns rather than byte offsets. Existing jobs will begin scanning Avro files as structured.
May 31, 2019
Added support for CustomInfoTypes
and DetectionRules
to the Cloud DLP Beta UI in the Google Cloud Platform Console.
April 18, 2019
Added additional infoType detectors:
GERMANY_DRIVERS_LICENSE_NUMBER
GERMANY_IDENTITY_CARD_NUMBER
HONG_KONG_ID_NUMBER
INDIA_AADHAAR_INDIVIDUAL
INDIA_GST_INDIVIDUAL
THAILAND_NATIONAL_ID_NUMBER
April 04, 2019
Added additional infoType detectors:
INDONESIA_NIK_NUMBER
AUSTRALIA_PASSPORT
BELGIUM_NATIONAL_ID_CARD_NUMBER
GERMANY_TAXPAYER_IDENTIFICATION_NUMBER
PASSPORT
SINGAPORE_NATIONAL_REGISTRATION_ID_NUMBER
SINGAPORE_PASSPORT
TAIWAN_PASSPORT
TURKEY_ID_NUMBER
March 29, 2019
Added new crypto-based tokenization method: CryptoDeterministicConfig
. For more information, see Transformations Reference.
March 08, 2019
Added new Cloud DLP Beta UI in the Google Cloud Platform Console.
February 11, 2019
Clarified the documentation as to what behavior users can expect for the ALL_BASIC
.
Updated the default list of infotypes included in ALL_BASIC
.
December 12, 2018
De-identification requests using CryptoReplaceFfxFpeConfig
now correctly validate the alphabet of the value being transformed to match the transformations alphabet, now correctly rejecting values with whitespace, when whitespace is not part of the alphabet. Invalid requests will return an error in the TransformationSummary
with the message "CryptoReplaceFfxFpeConfig's 'alphabet' does not include all the characters in the value being transformed; the set of distinct characters in any given value being transformed by this transformation must be a subset of the set of characters comprising the 'alphabet'."
October 25, 2018
Added an additional infoType detector:
NORWAY_NI_NUMBER
October 02, 2018
Added support to Cloud Storage FileSet
for using regular expression filters to specify which files to include or exclude from the scan. This is useful for cases where the set of files to scan cannot be concisely expressed with a path and wildcards, such as:
- Scan all files, but skip some specific files or folders that you are confident have no sensitive data.
- Scan only files whose endings are in some known set of file extensions - for example, only .txt, .csv, and .json files.
- Scan only files whose endings aren't in some known set of extensions - for example, skip .pdf files.
September 19, 2018
Added support for augmenting existing infoType detectors using exclusion rules and hotword rules.
August 24, 2018
Added an additional infoType detector:
DENMARK_CPR_NUMBER
August 17, 2018
Added additional infoType detectors:
CANADA_DRIVERS_LICENSE_NUMBER
DATE
DATE_OF_BIRTH
FEMALE_NAME
FINLAND_NATIONAL_ID_NUMBER
GCP_CREDENTIALS
GENDER
JAPAN_BANK_ACCOUNT
JAPAN_DRIVERS_LICENSE_NUMBER
MALE_NAME
NETHERLANDS_PASSPORT
SPAIN_DRIVERS_LICENSE_NUMBER
SWEDEN_NATIONAL_ID_NUMBER
SWEDEN_PASSPORT
TIME
US_STATE
August 10, 2018
Added support for large custom dictionaries. Cloud DLP can now scan for dictionaries containing up to tens of millions of entries.
Added support to CloudStorageOptions
for limiting the number of bytes to scan per file by percentage.
Added support to BigQueryOptions
for limiting the number of rows to scan per file by percentage.
June 01, 2018
Added support for delta-presence estimation, a risk metric used when membership in the dataset is itself a piece of sensitive information.
May 18, 2018
Added sample_method
flag to BigQueryOptions
and CloudStorageOptions
for limiting scans to a sample of content. This is useful to more efficiently scan large datasets where the intent is to only determine whether sensitive data may be located there and the exhaustive list of findings is not necessary.
April 25, 2018
Added row_limit
flag to BigQueryOptions
to allow for sampling tables instead of scanning all rows.
Dictionaries can now be loaded from files stored in Cloud Storage that consist of newline-delimited lists of phrases using the cloud_storage_path
parameter in CustomInfoType.Dictionary
. Useful when sharing dictionaries for custom inspection across multiple requests.
For customers using Cloud Security Command Center, the summary of a DlpJob
can be published to Cloud SCC using the new action PublishSummaryToCscc
.
March 21, 2018
Cloud Data Loss Prevention (DLP) General Availability (GA) Release
Launched the new V2 version of the API.
The jobs.create
method has been added to replace dataSource.analyze
and dataSource.inspect
.
The ContentItem
object has been simplified with a BytesType
enum to specify the type of data to inspect.
The Finding
object has been expanded with a new ContentLocation
to better report findings from various data types (including images, records, and documents).
InfoTypeStatistics
object has been renamed to InfoTypeStats
.
The v2beta1 and v2beta2 APIs are now deprecated.
February 16, 2018
Newly added JobTriggers
allow for scheduling regular scans of storage. Combined with the new TimespanConfig
, scans can be limited to only re-scanning new or modified content in BigQuery and Cloud Storage.
Added support for regular expression-based custom detectors.
Added support for choosing a default likelihood for CustomInfoType
detectors and for adjusting likelihood using a new DetectionRule
, which looks for related content within the vicinity of a finding.
Job completion notifications for both risk analysis and inspection can now be sent to Cloud Pub/Sub.
December 14, 2017
Launched the new v2beta2 version of the API, which includes a number of new and improved features, including templates for persisting de-identification and inspect configurations, a simplified job API for inspecting storage and risk analysis, and more.
Tips for migrating:
Content
API methods now take a singleContentItem
.InspectConfig
now has a default likelihood, so when left unset findings belowPOSSIBLE
will be excluded automatically.- Findings from inspect storage are now always stored in your own BigQuery instance, giving you more control of where your sensitive data is stored.
content.redact
, was deprecated in favor of usingcontent.deidentify
, for redacting text, andimage.redact
, for redacting images.InspectConfig
now requires at least oneInfoType
orCustomInfoType
.- Long running operations were replaced by
DlpJob
objects for risk analysis and storage inspection.inspect.operations.create
was renamed todataSource.inspect
.
November 22, 2017
Added a new risk analysis metric, k-map estimation, to dataSource.analyze
.
October 20, 2017
Launched support for searching for words or phrases from a custom dictionary provided by the user with the addition of CustomInfoType
to InspectConfig
. This feature is enabled in content.inspect
, content.redact
, content.deidentify
, and inspect.operations.create
.
September 15, 2017
Launched support to de-identify content with the addition of content.deidentify
.
Launched support to conduct risk analysis on BigQuery with the addition of dataSource.analyze
.
August 17, 2017
Added support to limit the number of findings per InfoType
with the addition of InfoTypeLimit
in InspectConfig
.
Added support to limit the number of findings per file, Cloud Datastore entity, or database row with the addition of OperationConfig
to inspect.operations.create
.
August 10, 2017
Added support for scanning and redacting structured data in both content.redact
and content.inspect
by providing a Table
in ContentItem
.
August 03, 2017
BigQuery can now be scanned using inspect.operations.create
.
Results can now be stored to BigQuery when scanning BigQuery, Cloud Datastore, and Cloud Storage using inspect.operations.create
.
June 15, 2017
Added support for auto-redacting all text from images. You can now also choose custom colors when using content.redact
to fill the bounding boxes during image redaction.
May 11, 2017
Launched support to filter findings by infoType and likelihood when using inspect.results.list
.
May 01, 2017
You can now store results from scanning Cloud Datastore or Cloud Storage using inspect.operations.create
. Results are stored in Cloud Storage.
March 23, 2017
Added support for auto-redacting findings in images. You can now use content.redact
to fill the bounding box of a finding with a solid color.
March 09, 2017
Launch of Cloud DLP API to Beta. Cloud DLP API enables developers and data owners to better understand and manage sensitive data by providing a fast, scalable classification for sensitive elements. Scan small text streams and images or larger datasets in Cloud Storage and Cloud Datastore. The Cloud DLP API is currently available as a REST API.