What’s changing
We’re continually investing in data protection capabilities for Google Forms. We’ve already enabled data loss prevention (DLP) for Google Drive policies that apply to files submitted in external Forms, including Forms from external organizations. To expand on this, today we’re announcing that DLP policies for form content in Google Forms is now generally available.
With DLP, Forms with sensitive content can be blocked from being viewed or responded to by external individuals. Based on DLP rules configured by the admin, this feature checks form content including questions, form title and description and answer options provided in the form, and prevents sensitive content from being shared externally; it does not check form responses provided by end users that are submitted to external forms.
This screenshot of a Google Form includes mentions of “Project X”. DLP rules are configured to detect and prevent sharing of Forms with responders outside the organization with any mentions of “Project X”, the sensitive content in this form.
Additional details
If you do not want DLP rules applied to users in your domain, you can exclude certain groups or organizational units from DLP checks. You can also exclude specific Forms by using nested condition operators in DLP for Drive rules. To do so, add a ‘AND NOT’ conditional operator and specify a relevant secondary condition, such as the presence of a custom-defined “isForm” label that you have applied to the Forms you want excluded.Visit this Help Center to learn more about using Workspace DLP to prevent data loss.
Getting started
- Admins:
- Data loss prevention rules scoped to Drive files defined for your domain will be applied automatically to Forms.
- If you are not using DLP for Google Drive, you can create DLP rules at the domain, OU, or group level in the Admin console under Security > Data protection. You can apply block, warn or audit actions, consistent with DLP for Drive. If you apply the block action, users external to the domain will not be able to view or respond to forms with sensitive content.
- Visit the Help Center to learn more about turning data loss prevention in Google Forms on for your organization.
- End users: End users can respond to forms as usual to forms that do not violate DLP rules, but if a form violates Drive DLP rules for their domain, form editors may see warnings and form responders external to the domain may be blocked from viewing or responding to the form.
Rollout pace
- Rapid Release domains: Gradual rollout (up to 15 days for feature visibility) starting on July 24, 2024
- Scheduled Release domains: Gradual rollout (up to 15 days for feature visibility) starting on August 5, 2024
Availability
Available for Google Workspace:
- Enterprise Standard, Plus
- Enterprise Essentials Plus
- Education Fundamentals, Standard, Plus, the Teaching & Learning Upgrade
- Frontline Standard
- Cloud Identity Premium