Turn on snippets for additional context surrounding data loss prevention rule violations

What’s changing

Admins can now view “Sensitive Content Snippets” for data loss prevention (DLP) rules. This applies to DLP events for Drive, Chat, and Chrome. When turned on, snippets will log the matched content that triggered a DLP violation in the security investigation tool. Admins can use the information captured in the snippet to better identify actual security risks, determine whether a false positive was returned, and decide on an appropriate course of action.

Getting started

Admins: Make sure any admins who need to review the snippets have the “view sensitive content” privilege. Only super admins have the ability to hide or unhide sensitive data.

This feature will be OFF by default and can be turned on in the Admin console by going to Security > Data Protection > Data Protection Settings > Sensitive Content Storage.To view snippets in the security investigation tool, select any row from the “Description column” and scroll down to “Sensitive Content Snippets”. Here you’ll see the matched detector ID, the matched content starting character, and the matched content length.

Visit the Help Center to learn more about viewing content snippets that trigger DLP rules, using Workspace DLP to prevent data loss, and the security investigation tool.

End users: There is no end user impact or action required.

Rollout pace

Rapid Release and Scheduled Release domains: Extended rollout (potentially longer than 15 days for feature visibility) starting on December 6, 2023


Available to Google Workspace Frontline Standard, Enterprise Standard and Enterprise Plus, Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus, and Enterprise Essentials Plus customersAlso available to Cloud Identity Premium and BeyondCorp Enterprise customers