What's changing
We're continually investing in data protection capabilities for Google Forms. We've already enabled data loss prevention (DLP) for Google Drive policies that apply to files submitted in external Formsincluding Forms from external organisations. To expand on this, today we're announcing that DLP policies for form content in Google Forms is now generally available.
With DLP, Forms with sensitive content can be blocked from being viewed or responded to by external individuals. Based on DLP rules configured by the admin, this feature checks form content including questions, form title and description and answer options provided in the form, and prevents sensitive content from being shared externally; it does not check form responses provided by end users that are submitted to external forms.
This screenshot of a Google Form includes mentions of "Project X". DLP rules are configured to detect and prevent sharing of Forms with responders outside the organisation with any mentions of "Project X", the sensitive content in this form.
Additional details
If you do not want DLP rules applied to users in your domain, you can exclude certain groups or organisational units from DLP checks. You can also exclude DLP rules for forms by using nested condition operators in DLP for Drive rules. To do so, add an 'AND NOT' conditional operator with a custom detector for "vnd.google-apps.form" as a regex. In scenarios where you only want to apply DLP for forms, add a custom detector for "vnd.google-apps.form" as a regex. Visit this Help Centre to learn more about using Workspace DLP to prevent data loss.
Getting started
Admins: Data loss prevention rules scoped to Drive files defined for your domain will be applied automatically to Forms.If you are not using DLP for Google Drive, you can create DLP rules at the domain, OU, or group level in the Admin console under Security > Data protection. You can apply block, warn or audit actions, consistent with DLP for Drive. If you apply the block action, users external to the domain will not be able to view or respond to forms with sensitive content. Visit the Help Centre to learn more about turning data loss prevention in Google Forms on for your organisation. End users: End users can respond to forms as usual to forms that do not violate DLP rules, but if a form violates Drive DLP rules for their domain, form editors may see warnings and form responders external to the domain may be blocked from viewing or responding to the form.
Rollout pace
Rapid Release domains: Gradual rollout (up to 15 days for feature visibility) starting on July 24, 2024 Scheduled Release domains: Gradual rollout (up to 15 days for feature visibility) starting on August 5, 2024
Availability
Available for Google Workspace:
Enterprise Standard, Plus Enterprise Essentials Plus Education Fundamentals, Standard, Plus, the Teaching & Learning Upgrade Frontline Standard Cloud Identity Premium
Enterprise Standard, Plus Enterprise Essentials Plus Education Fundamentals, Standard, Plus, the Teaching & Learning Upgrade Frontline Standard Cloud Identity Premium
