How can we help?
Get help straight from our team...
Data Protection
Use Googles data loss prevention (DLP) to scan Google Drive file sharing and prevent data loss.
Using data loss prevention (DLP), you can create and apply rules to control the content that users can share in Google Drive files outside the organisation. DLP gives you control over what users can share, and prevents unintended exposure of sensitive information such as credit card numbers or identity numbers.
Updated 6 hours ago
Google have a detailed guide here
We've created a simpler guide with some recommendations below:
Firstly create a group of users in google for all of the office admins and other users permitted to share private data
1- Navigate to admin.google.com
2- Select Security>Data Protection
3- Select Manage Rules
4- Select ADD RULE and choose ‘New rule from template’ (its a good place to start)
Select ‘Prevent PII information sharing (UK)’ from templates
5- You can edit this by editing the Name* and Description as screenshot
6- Select Scope to decide what to restrict and if you want to bypass the rules for a specific group or OU e.g officeadmins@ group or an office@ group for example
Select 'Organisational units and/or groups’- we are going to choose all OUs as screenshot below
7- then exclude a group of exempt users e.g. officeadmins@ as below
8- Click the blue DONE button Bottom Right to add some conditions- Lots are pre-added e.g. NI number, NHS number, Drivers license numbers etc. via the template that we previously selected- You can edit the conditions on that page and select the likelihood of the data leak- for most schools this will be low BUT set as required. You can also select minimum unique matches and minimum match count these are default 1
Once you have added all Conditions click CONTINUE to add Actions and Alert
9- Select the dropdown under Actions and decide to Block external sharing, Warn on external sharing or Disable download, print, and copy… as below
10- Select ‘Send to alert centre’ and ‘Send email notifications’ either tick All superadmins though we think this may be too many people - instead Add an email recipient who is responsible for Data protection - We have in this case selected our test mentor
11- Select CONTINUE where you’ll see a preview of the rule and can select to CREATE the rule
12- You will now see that the Rule has been created and screenshot
You can now go back to the Data Protection Rules page and create more rules if required- e.g. sharing bank details, credit card details etc .