Client-side encryption can now be selected as a data loss prevention condition

What’s changing 

You can now use client-side encryption as a condition for a data loss prevention (DLP) rule. As with other DLP rules, you’ll be able to configure: 

• If users are warned before sharing externally. 
• If users are blocked from sharing externally. 
• The ability to download, print, or copy the document are disabled for commenters and viewers. 
• Whether these events should be sent to the Alert Center for further investigation. 

Client-side encryption goes beyond the latest cryptographic standards used by Workspace by giving organizations authoritative control and privacy as the sole owner of private encryption keys and the identity provider of the encryption keys. Combining client-side encryption with DLP rules help our admins build an even stronger framework around sensitive data and information.

Getting started

• Admins: Visit the Help Center to learn more about creating data loss prevention rules for Google Drive, as well as client-side encryption.
• End users: Use our Help Center to learn more about working with encrypted files in Drive, Docs, Sheets & Slides.

Rollout pace

• Rapid and Scheduled Release domains: Full rollout (1–3 days for feature visibility) starting on April 24, 2024

Availability

Available for Google Workspace:

• Enterprise Plus
• Education Standard and Plus

Resources

• Google Workspace Admin Help: Create DLP for Drive rules and custom content detectors
• Google Workspace Admin Help: About client-side encryption
• Google Help: Get started with encrypted files in Drive, Docs, Sheets & Slides