Skip to main content
All CollectionsData GovernanceSensitive Data Governance (Compliance)
Changes in Compliance policy templates and sensitive data
Changes in Compliance policy templates and sensitive data
Updated over 11 months ago

This topic describes the changes that were made to the following predefined Sensitive Data Governance (Compliance) templates and predefined sensitive data:

Predefined Templates:

  • Financial Data (Global)

  • Personally Identifiable Information (Global)

  • HIPAA (USA)

Predefined Sensitive Data:

  • Prescription Drugs (USA)

  • PHI related terms (USA)

  • Pharmaceutical Companies (USA)

  • EDIX12 HIPAA (USA)

  • Medical Ailments and Diseases (USA)

  • NPI with qualifying terms (USA)

Personally Identifiable Information (Global) template changes

  • Personally Identifiable Information (Global) template used the Credit/Debit card numbers sensitive data.

  • Personally Identifiable Information (Global) template now uses a new sensitive data named Credit/Debit card numbers near PII.

  • The Credit/Debit card numbers near PII sensitive data reports a violation if credit or debit card numbers are present near to personally identifiable information like postal addresses, telephone numbers, email addresses, and so on.

Financial Data (Global) template changes

  • Financial Data (Global) template used the Credit/Debit card numbers sensitive data.

  • Financial Data (Global) template now uses a new sensitive data named Credit/Debit card numbers with qualifying terms.

  • The Credit/Debit card numbers with qualifying terms sensitive data reports a violation if it finds a combination of credit or debit card numbers and qualifying terms such as cvv, expiry date, valid from, issue date and so on.

HIPAA (USA) template related changes

  • HIPAA template reported a violation if either Protected Health Information (PHI) ormedical terms were present in the file.

  • The updated HIPAA template now reports a violation if a combination of both Protected Health Information (PHI) and medical terms are present in the file.

  • Druva also introduced a new predefined template called HIPAA (PHI only). This template reports a violation if only Protected Health Information (PHI) is present in a file.

Deprecated predefined templates and sensitive data

As a result of these changes, the older versions of the above templates and sensitive data are deprecated.

A ‘ Deprecated ’ label is appended to the template name and the sensitive data name on the Policy Template List page and Sensitive Data List page (Manage > Manage Compliance Policies) in the inSync Management Console.

Deprecated Templates:

  • Personally Identifiable Information (Deprecated)

  • Financial data (Deprecated)

  • HIPAA (Deprecated)

Deprecated Sensitive Data:

  • Prescription Drugs (Deprecated)

  • PHI related terms (Deprecated)

  • Pharmaceutical Companies (Deprecated)

  • EDIX12 HIPAA (Deprecated)

  • Medical Ailments and Diseases (Deprecated)

  • NPI with qualifying terms (Deprecated)

Deprecated templates and sensitive data are available for 90 days. Druva will automatically upgrade all the existing policies that use the deprecated templates and sensitive data with the updated templates and sensitive data after 90 days. Contact Support.

Changes on the inSync Management Console

Any policy that uses the deprecated templates is highlighted on the inSync Management Console. This makes it easier for the administrators to understand which policies are impacted.

policy list.png

For templates also, all the deprecated templates are highlighted on the inSync Management Console and appears with a ‘ Deprecated ’ label appended to their name.

modified policy template list page.png

Similar to templates, deprecated sensitive data are also highlighted on the inSync Management Console and appear with a ‘ Deprecated ’ label appended to their name. Contact support.

new sesnitive data list.png

Summary of changes

Change Type

Template Name

Region

Previous Name

Change Details

Updated Template

Personally Identifiable Information

Global

Not applicable

This template uses the newly introduced Credit/Debit card numbers near PII sensitive data

Updated Template

Financial Data

Global

Not applicable

This template uses the newly introduced Credit/Debit card numbers with qualifying terms sensitive data

Updated Template

HIPAA

USA

Not applicable

This template scans user data for both PHI related terms and medical terms

New Template

HIPAA (PHI)

USA

Not applicable

This template scans user data for PHI related terms only.

Deprecated Template

Personally Identifiable Information (Deprecated)

Global

Personally Identifiable Information

This template is deprecated.

Any policy using the deprecated templates will be replaced by the new templates.

Deprecated Template

Financial Data (Deprecated)

USA

Financial Data

This template is deprecated.

Any policy using the deprecated templates will be replaced by the new templates.

Deprecated Template

HIPAA (Deprecated)

USA

HIPAA

This template is deprecated.

Any policy using the deprecated templates will be replaced by the new templates.

What action is required?

There is no action required by customers.

Druva will upgrade all the existing policies that use the deprecated predefined templates and sensitive data with the updated predefined templates and sensitive data after 90 days. As a result, the backed up data for these policies will be rescanned for violations and all the earlier reported violations will be deleted.


❗ Important

Druva recommends you to download the existing violations using the Non-Compliant report. For more information, see Non-Compliant Report.


Updating the existing policies

If you want to manually update the existing policies, complete the following steps:

  1. When you delete the existing policies, all the reported violations associated with the policy will be deleted. Download the existing violations via the Non-Compliant Report. For more information, see Non-Compliant File report and Non-Compliant Email report.

  2. Delete the existing affected policies that use the deprecated predefined templates. For more information, see Manage compliance policy.

  3. Create new policies with the newly introduced templates. For more information, see How do I create a compliance policy?

Contact Support for more information.

Did this answer your question?