New GDPR sensitive information types help you manage and protect personal data
In February we announced several new capabilities coming soon to help organizations protect their sensitive data – across devices, apps, cloud services and on-premises. Today we’re announcing the general availability of several new sensitive information types and a new template that helps you discover, classify, protect and manage personal information that is relevant to GDPR obligations.
The addition of the new personal information data types adds to the existing built-in sensitive information types that are available in the Office 365 security & compliance center. You can use these sensitive information types in defining your data governance and data protection policies – there are now 87 different data types to choose from. While many of the previous sensitive information types were relevant to GDPR, the new sensitive information types help provide a more complete and consolidated set. The new personal information data types include:
- EU passport number
- EU national identification number
- EU driver’s license number
- EU tax identification number (TIN)
- EU social security number (SSN) or equivalent ID
For each of these information types, the service detects data that matches the specific patterns used by the 28 EU countries. For example, configuring your policy to include “EU driver’s license number” will detect driver’s license numbers used by any of the 28 covered EU countries.
When configuring data governance or data loss prevention policies, you can now scan Office 365 locations (e.g. Exchange Online, SharePoint Online, OneDrive for Business) for personal information that matches the new EU data types, and then apply the desired data retention or protection actions. You can customize your policies to look for any combination of these new personal data types or use in conjunction with any of the other existing sensitive information types. For example, you can detect EU national identification numbers and EU passport numbers (both of which are new information types), in combination with US passport numbers (a previously available information type). We’ve also made it easy to detect any of the EU personal information data types by providing a GDPR template that consolidates these new information types into a single group that you can use in your policy configuration.
As with all the other sensitive information types, there is a lot of flexibility to customize and fine-tune the parameters to meet your specific needs. Learn more about the built-in sensitive information types or even create your own custom sensitive information types (such as employee ID numbers that are unique to your company).
We’re excited to release the new EU sensitive information types and GDPR template – this should help make it easier to discover, classify, protect and manage GDPR related personal information. Our support articles have also been updated with details on the specific detection methods and patterns associated with each of the data types. These new sensitive information types are available now in the Office 365 security and compliance center, and we are targeting these to also be available in Azure Information Protection in Q3 CY18. We are also investigating adding more EU personal information data types in the future and will provide more details as plans get formalized.