DLP Management

The DLP (Data Loss Prevention) management page lets you configure and manage security policies that prevent sensitive data from leaking out of your organization. The system strengthens data protection by detecting sensitive information in real time in both user input and LLM responses.

DLP Policy Overview

The DLP system operates in the following manner:

  1. Real-time Data Inspection: Analyzes prompts entered by users and responses generated by AI in real time.
  2. Sensitive Information Detection: Automatically identifies sensitive information based on configured data type patterns.
  3. Protection Measures: Applies protection measures such as masking, blocking, and notifications for detected sensitive information.

Sensitive Data Type Detection Settings

The DLP system can detect 6 major categories of sensitive data. Each category consists of multiple detailed items, which can be individually enabled or disabled according to your organization’s requirements.

Supported Data Type Categories

1. Credentials

Detects credential information used for system access, such as passwords, API keys, tokens, and certificates.

Included Items (13):

  • AUTH_TOKEN - Authentication token
  • AWS_CREDENTIALS - AWS credentials
  • BASIC_AUTH_HEADER - Basic authentication header
  • ENCRYPTION_KEY - Encryption key
  • GCP_API_KEY - GCP API key
  • HTTP_COOKIE - HTTP cookie
  • JSON_WEB_TOKEN - JWT token
  • OAUTH_CLIENT_SECRET - OAuth client secret
  • PASSWORD - Password
  • SECURITY_DATA - Security data
  • SSL_CERTIFICATE - SSL certificate
  • STORAGE_SIGNED_URL - Storage signed URL
  • TINK_KEYSET - Tink keyset

2. Government ID

Detects government-issued IDs, passports, driver’s licenses, and national identification numbers from countries worldwide.

Included Items (33):

Australia:

  • AUSTRALIA_DRIVERS_LICENSE_NUMBER - Australian driver’s license number
  • AUSTRALIA_MEDICARE_NUMBER - Australian Medicare number
  • AUSTRALIA_PASSPORT - Australian passport
  • AUSTRALIA_TAX_FILE_NUMBER - Australian tax file number

Canada:

  • CANADA_BC_PHN - Canada BC personal health number
  • CANADA_DRIVERS_LICENSE_NUMBER - Canadian driver’s license number
  • CANADA_PASSPORT - Canadian passport
  • CANADA_SOCIAL_INSURANCE_NUMBER - Canadian social insurance number

China and Hong Kong:

  • CHINA_PASSPORT - Chinese passport
  • CHINA_RESIDENT_ID_NUMBER - Chinese resident ID number
  • HONG_KONG_ID_NUMBER - Hong Kong ID number

India:

  • INDIA_PASSPORT - Indian passport

Indonesia:

  • INDONESIA_NIK_NUMBER - Indonesian national ID number
  • INDONESIA_PASSPORT - Indonesian passport

Ireland:

  • IRELAND_PASSPORT - Irish passport
  • IRELAND_PPSN - Irish personal public service number

Japan:

  • JAPAN_DRIVERS_LICENSE_NUMBER - Japanese driver’s license number
  • JAPAN_INDIVIDUAL_NUMBER - Japanese Individual Number (My Number)
  • JAPAN_PASSPORT - Japanese passport

South Korea:

  • KOREA_DRIVERS_LICENSE_NUMBER - Korean driver’s license number
  • KOREA_PASSPORT - Korean passport
  • KOREA_RRN - Korean resident registration number

Taiwan:

  • TAIWAN_ID_NUMBER - Taiwan ID number

United Kingdom:

  • UK_PASSPORT - UK passport

United States:

  • US_DRIVERS_LICENSE_NUMBER - US driver’s license number
  • US_INDIVIDUAL_TAXPAYER_IDENTIFICATION_NUMBER - US individual taxpayer identification number
  • US_MEDICARE_BENEFICIARY_ID_NUMBER - US Medicare beneficiary ID number
  • US_PASSPORT - US passport
  • US_SOCIAL_SECURITY_NUMBER - US social security number

Other:

  • DOD_ID_NUMBER - US Department of Defense ID number
  • DRIVERS_LICENSE_NUMBER - General driver’s license number
  • GOVERNMENT_ID - General government-issued ID
  • PASSPORT - General passport

3. Sensitive Personal Information (SPII)

Detects personal information requiring high-level security, such as financial accounts, credit cards, and medical records.

Included Items (12):

  • CREDIT_CARD_DATA - Credit card data
  • CREDIT_CARD_NUMBER - Credit card number
  • CVV_NUMBER - CVV number
  • FINANCIAL_ACCOUNT_NUMBER - Financial account number
  • FINANCIAL_ID - Financial ID
  • IBAN_CODE - IBAN code
  • ICCID_NUMBER - ICCID number
  • IMEI_HARDWARE_ID - IMEI hardware ID
  • IMSI_ID - IMSI ID
  • JAPAN_BANK_ACCOUNT - Japanese bank account
  • MEDICAL_ID - Medical ID
  • MEDICAL_RECORD_NUMBER - Medical record number

4. Demographic Information

Detects demographic information such as age and date of birth.

Included Items (2):

  • AGE - Age
  • DATE_OF_BIRTH - Date of birth

5. Personally Identifiable Information (PII)

Detects information that can identify individuals, such as names, email addresses, phone numbers, and IP addresses.

Included Items (15):

  • EMAIL_ADDRESS - Email address
  • FEMALE_NAME - Female name
  • FIRST_NAME - First name
  • IP_ADDRESS - IP address
  • LAST_NAME - Last name
  • MAC_ADDRESS - MAC address
  • MAC_ADDRESS_LOCAL - Local MAC address
  • MAC_ADDRESS_UNIVERSAL - Universal MAC address
  • MALE_NAME - Male name
  • PERSON_NAME - Full name
  • PHONE_NUMBER - Phone number
  • STREET_ADDRESS - Street address
  • TECHNICAL_ID - Technical ID
  • US_VEHICLE_IDENTIFICATION_NUMBER - US vehicle identification number
  • VEHICLE_IDENTIFICATION_NUMBER - Vehicle identification number

6. Other Information

Detects other sensitive information that does not belong to the above categories.

Included Items (2):

  • BLOOD_TYPE - Blood type
  • US_TOLLFREE_PHONE_NUMBER - US toll-free phone number

How to Configure Data Types

Check Category Details

Click on each category to expand and view all detailed items included in that category. The category header displays the number of currently selected items and the total number of items (e.g., 15/17).

Select All or Individual Items

  • Select All: Use the “Select All” checkbox within each category to select or deselect all items in that category at once.
  • Individual Selection: Check only the items you need individually.

Save Settings

After selecting all desired data types, click the “Update DLP Detection Settings” button at the bottom of the page to save your settings.

Expand/Collapse Features

  • Expand All: Expand all categories at once to view detailed items.
  • Collapse All: Collapse all categories for a concise view.

Custom Regex Pattern Settings

You can define custom regular expression (regex) patterns to detect specific formats of sensitive data according to your organization’s special requirements. For example, you can configure detection for company-specific employee ID formats, project codes, internal document numbers, etc.

Custom Pattern Components

Each custom pattern consists of three pieces of information:

InfoType Name (Required)

  • A unique identifier for the pattern.
  • It is recommended to use the UPPERCASE_WITH_UNDERSCORES format.
  • Examples: EMPLOYEE_ID, PROJECT_CODE, INTERNAL_DOCUMENT_NUMBER

Regular Expression Pattern (Required)

  • A regular expression that defines the pattern of data to detect.
  • Follows standard JavaScript regular expression syntax.
  • It is recommended to avoid capture groups for performance.
  • Example: EMP-[0-9]{6} (Employee ID: EMP-123456 format)
  • Example: PRJ-[A-Z]{3}-[0-9]{4} (Project code: PRJ-ABC-1234 format)

Description (Optional)

  • You can add a detailed description of the pattern.
  • Describing the format of data that is detected, with examples, makes patterns easier to manage.
  • Example: “Employee ID pattern with format EMP-XXXXXX where X is a digit”

How to Add Custom Patterns

Add New Pattern

Click the “Add Custom Pattern” button to create a new pattern card.

Enter Pattern Information

In the created card, enter the following information:

  • InfoType Name: Enter the unique name of the pattern (required)
  • Regular Expression Pattern: Enter the regex pattern (required)
  • Description: Enter a description of the pattern (optional)

Pattern Validation

When you enter a regex pattern, it is automatically validated. Invalid regex formats are displayed in red and cannot be saved.

Save Settings

After entering all patterns correctly, click the “Update DLP Settings” button to save.

Custom Pattern Management

  • Edit Pattern: You can modify the information of existing patterns.
  • Delete Pattern: Click the X button at the top right of each pattern card to delete it.
  • Manage Multiple Patterns: You can add as many custom patterns as your organization needs.

Custom Pattern Examples

Employee ID Pattern

InfoType Name: EMPLOYEE_ID
Pattern: EMP-[0-9]{6}
Description: Employee ID pattern (e.g., EMP-123456)

Internal Project Code

InfoType Name: PROJECT_CODE
Pattern: [A-Z]{2,4}-[0-9]{4}
Description: Internal project code (e.g., PROJ-2024, AI-1234)

Contract Number

InfoType Name: CONTRACT_NUMBER
Pattern: CNT-[0-9]{4}-[A-Z]{2}
Description: Contract number format (e.g., CNT-2024-KR)

References

The DLP system is built on Google Cloud DLP’s custom infoType format. For more information on writing regex patterns, please refer to the Google Cloud DLP official documentation.

Precautions

  • Performance Considerations: Overly complex regex patterns can affect system performance. Use simple and efficient patterns whenever possible.
  • Prevent Over-detection: Patterns that are too broad may classify unnecessary data as sensitive information. Test patterns thoroughly before applying them.
  • Regular Review: Review and update DLP settings whenever your organization’s data protection requirements change.
  • Avoid Duplicate Pattern Names: InfoType Names must be unique. Do not use duplicate names.
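
The checks from Custom Pattern Components and Precautions can be run on a pattern set before it is saved. The following is an added example, not product code: lintPatterns, evaluate, the sample text and the PROJ/AI prefix list are assumptions made for illustration, and matching uses JavaScript's RegExp because the page states that patterns follow JavaScript syntax.

```javascript
// Added example: pre-flight checks for custom DLP patterns before saving them.
// lintPatterns and evaluate are hypothetical helpers, not part of the product.
const NAME_RE = /^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)*$/; // UPPERCASE_WITH_UNDERSCORES
// Heuristic: flags "(" not followed by "?", plus named groups "(?<name>".
const CAPTURE_RE = /(?:^|[^\\])\((?!\?)|\(\?<(?![=!])/;

// Returns a list of issues for an array of { name, pattern } definitions.
function lintPatterns(defs) {
  const issues = [];
  const seen = new Set();
  for (const { name, pattern } of defs) {
    if (!NAME_RE.test(name)) issues.push(`${name}: not UPPERCASE_WITH_UNDERSCORES`);
    if (seen.has(name)) issues.push(`${name}: duplicate InfoType name`);
    seen.add(name);
    try {
      new RegExp(pattern);
    } catch {
      issues.push(`${name}: invalid regex`);
      continue;
    }
    if (CAPTURE_RE.test(pattern)) issues.push(`${name}: uses a capture group`);
  }
  return issues;
}

// Compares what a pattern matches in text against the values that should match.
function evaluate(pattern, text, expected) {
  const found = [...text.matchAll(new RegExp(pattern, "g"))].map((m) => m[0]);
  return {
    falsePositives: found.filter((v) => !expected.includes(v)),
    missed: expected.filter((v) => !found.includes(v)),
  };
}

// Constructed sample text; only PROJ-2024 and AI-1234 are real project codes.
const SAMPLE = [
  "Budget for PROJ-2024 approved, AI-1234 pending.",
  "Export the file as ISO-8859-1.",
  "Gateway patched for CVE-2024-12345.",
].join("\n");
const EXPECTED = ["PROJ-2024", "AI-1234"];

// The page's PROJECT_CODE pattern, and a tighter variant (assumption: the
// organization only issues the prefixes PROJ and AI).
const BROAD = "[A-Z]{2,4}-[0-9]{4}";
const TIGHT = "\\b(?:PROJ|AI)-[0-9]{4}\\b";

console.log(evaluate(BROAD, SAMPLE, EXPECTED));
console.log(evaluate(TIGHT, SAMPLE, EXPECTED));
```

On the constructed sample, the page's PROJECT_CODE pattern also flags ISO-8859 and CVE-2024, while the tightened variant flags only the two project codes.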