This topic describes the changes that were made to the following predefined Sensitive Data Governance (Compliance) templates and predefined sensitive data:
Predefined Templates:
Financial Data (Global)
Personally Identifiable Information (Global)
HIPAA (USA)
Predefined Sensitive Data:
Prescription Drugs (USA)
PHI related terms (USA)
Pharmaceutical Companies (USA)
EDIX12 HIPAA (USA)
Medical Ailments and Diseases (USA)
NPI with qualifying terms (USA)
Personally Identifiable Information (Global) template changes
Personally Identifiable Information (Global) template used the Credit/Debit card numbers sensitive data.
Personally Identifiable Information (Global) template now uses a new sensitive data named Credit/Debit card numbers near PII.
The Credit/Debit card numbers near PII sensitive data reports a violation if credit or debit card numbers are present near to personally identifiable information like postal addresses, telephone numbers, email addresses, and so on.
Financial Data (Global) template changes
Financial Data (Global) template used the Credit/Debit card numbers sensitive data.
Financial Data (Global) template now uses a new sensitive data named Credit/Debit card numbers with qualifying terms.
The Credit/Debit card numbers with qualifying terms sensitive data reports a violation if it finds a combination of credit or debit card numbers and qualifying terms such as cvv, expiry date, valid from, issue date and so on.
HIPAA (USA) template related changes
HIPAA template reported a violation if either Protected Health Information (PHI) ormedical terms were present in the file.
The updated HIPAA template now reports a violation if a combination of both Protected Health Information (PHI) and medical terms are present in the file.
Druva also introduced a new predefined template called HIPAA (PHI only). This template reports a violation if only Protected Health Information (PHI) is present in a file.
Deprecated predefined templates and sensitive data
As a result of these changes, the older versions of the above templates and sensitive data are deprecated.
A ‘ Deprecated ’ label is appended to the template name and the sensitive data name on the Policy Template List page and Sensitive Data List page (Manage > Manage Compliance Policies) in the inSync Management Console.
Deprecated Templates:
Personally Identifiable Information (Deprecated)
Financial data (Deprecated)
HIPAA (Deprecated)
Deprecated Sensitive Data:
Prescription Drugs (Deprecated)
PHI related terms (Deprecated)
Pharmaceutical Companies (Deprecated)
EDIX12 HIPAA (Deprecated)
Medical Ailments and Diseases (Deprecated)
NPI with qualifying terms (Deprecated)
Deprecated templates and sensitive data are available for 90 days. Druva will automatically upgrade all the existing policies that use the deprecated templates and sensitive data with the updated templates and sensitive data after 90 days. Contact Support.
Changes on the inSync Management Console
Any policy that uses the deprecated templates is highlighted on the inSync Management Console. This makes it easier for the administrators to understand which policies are impacted.
For templates also, all the deprecated templates are highlighted on the inSync Management Console and appears with a ‘ Deprecated ’ label appended to their name.
Similar to templates, deprecated sensitive data are also highlighted on the inSync Management Console and appear with a ‘ Deprecated ’ label appended to their name. Contact support.
Summary of changes
Change Type | Template Name | Region | Previous Name | Change Details |
Updated Template | Personally Identifiable Information | Global | Not applicable | This template uses the newly introduced Credit/Debit card numbers near PII sensitive data |
Updated Template | Financial Data | Global | Not applicable | This template uses the newly introduced Credit/Debit card numbers with qualifying terms sensitive data |
Updated Template | HIPAA | USA | Not applicable | This template scans user data for both PHI related terms and medical terms |
New Template | HIPAA (PHI) | USA | Not applicable | This template scans user data for PHI related terms only. |
Deprecated Template | Personally Identifiable Information (Deprecated) | Global | Personally Identifiable Information | This template is deprecated.
Any policy using the deprecated templates will be replaced by the new templates. |
Deprecated Template | Financial Data (Deprecated) | USA | Financial Data | This template is deprecated.
Any policy using the deprecated templates will be replaced by the new templates. |
Deprecated Template | HIPAA (Deprecated) | USA | HIPAA | This template is deprecated.
Any policy using the deprecated templates will be replaced by the new templates. |
What action is required?
There is no action required by customers.
Druva will upgrade all the existing policies that use the deprecated predefined templates and sensitive data with the updated predefined templates and sensitive data after 90 days. As a result, the backed up data for these policies will be rescanned for violations and all the earlier reported violations will be deleted.
❗ Important
Druva recommends you to download the existing violations using the Non-Compliant report. For more information, see Non-Compliant Report.
Updating the existing policies
If you want to manually update the existing policies, complete the following steps:
When you delete the existing policies, all the reported violations associated with the policy will be deleted. Download the existing violations via the Non-Compliant Report. For more information, see Non-Compliant File report and Non-Compliant Email report.
Delete the existing affected policies that use the deprecated predefined templates. For more information, see Manage compliance policy.
Create new policies with the newly introduced templates. For more information, see How do I create a compliance policy?
Contact Support for more information.