Supported editions for this feature: Frontline Standard and Frontline Plus; Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, and Education Plus; Enterprise Essentials; Cloud Identity Premium. Compare your edition
Using data loss prevention (DLP) for Calendar, you can create data protection rules to manage sensitive content that your users share in Google Calendar events. Use DLP for Calendar to protect your organization's data and prevent data leaks.
On this page
- How does DLP for Calendar work?
- Understand triggers
- Understand DLP actions
- Understand DLP conditions
- Create a rule
- Common use cases
- Review, monitor & investigate alerts
How does DLP for Calendar work?
When a user creates or modifies a calendar event, DLP scans the event for sensitive content. If the event content violates a rule, the action defined in the rule is applied to the event.
You can create data protection rules specifically for Calendar or for Calendar and other Google Workspace services, such as Google Drive or Gmail. You can apply rules to everyone in your organization or to specific organizational units or groups.
DLP for Calendar flow
- You create data protection rules that define sensitive content and the action to take on events with sensitive content.
- When a user saves a Calendar event (the trigger), DLP scans the event title, description, and location. You can also specify conditions that determine what gets scanned.
- If a rule is matched, DLP applies the action defined in the rule.
- You can review the details of events and incidents in Rule log events.
Attached files are subject to any rules you set up for Google Drive. For details, go to About DLP for Drive.
Understand triggers
Before defining what content your rule should look for, you specify the trigger that initiates the scanning process. With DLP for Calendar, scanning starts when a user saves an event.
Understand DLP actions
When sensitive content is found, your rule can enforce an action in the following table.
If you have similar rules with different response actions, the stricter action prevails. For example, if one rule warns users when a Social Security Number (SSN) is found and another rule blocks the user from using SSNs, the user cannot save the event (SSNs are blocked).
| Action | Description |
|---|---|
| Block |
Blocks the creation or modification of a Calendar event. If the user is using Calendar on a web browser, they get a notification. If they're using the Calendar app, they get an email notification. Optionally, you can add a custom message for users. The event is logged. |
| Warn |
Allows the user to proceed after a warning message. Optionally, you can add a custom warning message for users. The user's choice to proceed is recorded in the log events. |
| Audit only |
Allows the user to proceed without interruption and logs the event. |
Understand DLP conditions
When you create a data protection rule, you can specify conditions that define what content or activity to scan for. You can use predefined data types. Or, create your own custom content detectors. You can also combine multiple conditions using AND, OR, or NOT operators.
For details, go to How to use predefined content detectors, Create a custom detector, and Examples of rules with nested condition operators.
| Content type to scan | What to scan for | Details & use |
|---|---|---|
| All content |
Matches predefined data type Contains text string Matches regular expression Matches words from word list |
Scans the title, description, and location of Calendar events. Takes action if sensitive information is found that matches one of the following:
|
Create a rule
After you determine what you want your rule to do, you create the rule. For details, go to Create data protection rules.Common use cases
The following table provides examples of how to combine a trigger (what the user does), conditions (what is checked), and a specific action (the enforcement) to define your DLP policy. To use this table, you must:
- Select a trigger.
- Map condition values to the corresponding options.
- Select an action.
Changes can take up to 24 hours but typically happen more quickly. Learn more
| Use case | Trigger | Condition | Action |
|---|---|---|---|
| Block sharing of Calendar events that contain a credit card number | Google Calendar  Event saved |
Content type: All content Match: Matches predefined data type Data Type: Global - Credit Card Number Likelihood Threshold: High Minimum unique matches: 1 Minimum match count: 1 |
Block |
| Warn users when sharing a Calendar event that contains the project code name or acronym | Google Calendar Event saved |
Condition 1: Match: Contains text string Value: SpiderWeb OR Condition 2: Match: Contains text string Value: SpdW |
Warn |
Review, monitor & investigate alerts
- View details of incidents in Rule log events.
- Investigate alerts of data-sharing incidents using the security investigation tool. For details, go to About the security investigation tool.
- Investigate data protection rule violations to determine if they're real incidents or false positives. For details, go to View content that triggers DLP rules.