Introduction¶

The Data Privacy feature is based on the Google Cloud Data Loss Prevention API, and is updated when the API is updated.

This document gives instructions for admin users on how to set up and configure the Data Privacy add-on.

Severity and likelihood¶

To find out more about how we calculate the prioritization of errors, as well as the severity and difficulty level, see the user guide article:

Issue priority

Setup¶

This section gives instructions for admin users on how to set up the Data Privacy feature.

1. Click Admin Settings (gear icon) on the Domain Overview page toolbar. 

   

   The Domain Settings page opens.

2. Click Action on the same row as the domain you want to configure.

   

   The Action menu expands.

3. Select Edit Domain. The Edit Domain page opens.

   

4. Locate the Features section.

   

5. Turn the Data Privacy switch to ON. This activates the module and adds the link to configure the settings.

   
6. Click the link Open Data Privacy Settings, located beside the Data Privacy button. The Domain Data Privacy Settings page opens.

7. Locate the Choose what to Scan section.

   

8. Toggle the appropriate switches to ON. The required settings in the Global requirements list are automatically selected. The choices are:

   • GDPR: General Data Protection Regulation applies to any EU company and requires that all personal data that is collected and/or processed is made transparent, including the disclosure of the purpose for data collection.
   • CCPA: The California Consumer Privacy Act is basically a set of regulations that apply to organizations that collect personal data on any California resident.

   • APA: Australia's Privacy Act includes thirteen codes of conduct with regards to the disclosure of personal information.

     Websites, companies, and organizations that operate in Australia must follow these codes of conduct in order to be compliant.

   • SHIELD: The Privacy Shield Program Overview is a mechanism for companies to use to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
   • PIPEDA: The Personal Information Protection and Electronic Documents Act of Canada applies to transfers of personal information to a third party operating outside of Canada.

   Tip! If your region/regulation is not on this list, it is possible to customize the settings to create specific requirements. Just select the regulation that is most similar and tick/untick the boxes to add or remove specific items from the scan.

   
   Note

   The scan uses the Google Cloud InfoType detector reference to identify potential security violations.

9. Click Save Preferences. The Domain Data Privacy Settings pane closes. The Edit Domain page is visible again.
10. Click Save. The Edit Domain page closes.
    • A new Data Privacy report is in the Data Center after the next scan. Choose users to send the report to automatically after every data privacy scan.
    • The data privacy issues are stored in the History Center for quick reference. See the status and number of issues that the scan finds, as well as issues that are repaired.

Set up and manage cookies¶

For instructions on how set up new cookies and manage existing cookies, see the admin article:

Set up and manage cookies.