The Security Advisor for Data Protection in Google Workspace for Education gives administrators a graphical interface to configure Data Loss Prevention (DLP) rules. With this feature, administrators can apply default DLP rules across multiple data categories, including Personally Identifiable Information (PII), letting admins streamline data security management within educational environments.
What You Will Learn
Recommendation for the feature
Requirements and Configuration
How it works
Resources
Recommendation
By default, the setting for each data category is OFF.
- K-12 Recommendation: We recommend against using the Security Advisor and leaving the templates unchanged.
- Higher Education Recommendation: We recommend against using the Security Advisor and leaving the templates unchanged.
See Google Workspace Data Loss Prevention (DLP) Rules for information on configuring DLP rules.
Requirements and Configuration
Navigation Path:
Security > Access and data control > Data protection ~ Go to security advisor for data protection
- Go to the Security advisor for data protection page.
- For each category (Personal identifiable information, Financial data, Healthcare data, and Global sensitive data), select the action to take for Drive files containing sensitive data. Options include Warn users, Block users, and Customize.
- If Customize is selected as the action, the page updates allowing granular settings. Choose an action for the necessary settings. Options include Warn users and Block users.
- If Customize is selected as the action, the page updates allowing granular settings. Choose an action for the necessary settings. Options include Warn users and Block users.
- Changes to the Security advisor take effect immediately. Use the back arrow at the top left of the page to return to the Data Protection Admin console page.
How It Works
The Security Advisor organizes DLP rules into four main categories (PII, Financial Data, Healthcare Data, and Global Sensitive Data) with over 50 individual data types, making it easy to control what sensitive data can be accessed and shared within your domain. While admins cannot delete the DLP policies, they can adjust the Action setting for each policy to Warn users, Block actions, or turn off the rule as needed. The Security advisor is inflexible.
When a stricter policy is applied, it takes precedence over less restrictive actions, enforcing the most secure configurations. Admins can only set the settings at the domain level, and with the way precedence works, there is no way to make exceptions. Also, notifications are not available for these policies.
Links to Support Articles or Additional References
Security advisor for data protection