Data protection rules are custom rules that are created by domain administrators from the rules page. You can use these rules to be notified of specific activity related to the use of Drive files within your domain.
To create a data protection rule:
-
Sign in to your Google Admin console.
Sign in using an account with super administrator privileges (does not end in @gmail.com).
-
In the Admin console, go to Menu Rules.
- From the Rules page, click Create rule.
- From the drop-down menu, select Data protection.
- Type a name and description for the rule.
- Under Scope, select the org units and/or groups this rule applies to.
Note: If you select a group scope, only those groups created by administrators within the Google Admin console are supported. - Select the apps you want to protect data for:
For Drive: This rule applies to the files owned by users in the selected org unit or group.
For Chat: This rule applies to messages or files uploaded by users in the org unit or group.
For Chrome: This rule applies when users in the org unit or group take specific actions with the content (for example, upload content).
- Click Continue.
- Select the events that will trigger your rule. For example, under Google Drive, check the File modified box.
- Set the conditions for your rule. For example, specify whether the rule applies to all content within the file, the body, suggestions, or to the title.
(You can add more than one condition by clicking Add Condition.) - Enter a value for the condition—Contains, Matches default detector, Matches regex detector, or Matches word list detector—and enter the criteria for the condition.
For additional information, see Examples of regular expressions. - Click Continue.
- Select the actions to take when conditions find matches—for example, Block external sharing or Warn on external sharing.
- Select the severity: High, Medium, or Low.
- (Optional) Check the Send to alert center box. If you want to receive email notifications, add recipients during this step.
- Click Continue.
- Review the criteria for your rule, and then click Create.
Create data protection rules using predefined templates
You can quickly set up and create data protection rules using predefined templates.
Templates enable you to choose from a list of recommended rules that are based on common use cases and best practices. For example, there are rule templates to prevent the sharing of financial information, health information, and personally identifiable information.
You can create a rule based on the default settings of a template, or you can customize the template to change the scope, conditions, actions, or alerts.
-
Sign in to your Google Admin console.
Sign in using an account with super administrator privileges (does not end in @gmail.com).
-
In the Admin console, go to Menu Rules.
- Click Templates.
- Click one of the templates in the list—for example, Prevent financial information sharing (International) or Prevent health information sharing (US).
- (Optional) Edit the rule name and rule description.
- Choose your rule's scope. You can apply to all in your domain (the default setting), or you can apply to specific organizational units or groups.
- Click Continue.
- (Optional) Under Triggers, Conditions, and Actions, change or add any settings and click Done. For details, see How to define a rule.
- Click Create and activate.