Skip to main content
Druva Documentation

Changes in inSync Compliance policy templates and sensitive data

This topic describes the changes that will be made to the following predefined inSync Compliance templates and predefined sensitive data:

Predefined Templates:

  • Financial Data (Global)
  • Personally Identifiable Information (Global)
  • HIPAA (USA)

Predefined Sensitive Data:

  • Prescription Drugs (USA)    
  • PHI related terms (USA)
  • Pharmaceutical Companies (USA)
  • EDIX12 HIPAA (USA)
  • Medical Ailments and Diseases (USA)
  • NPI with qualifying terms (USA)

Personally Identifiable Information (Global) template changes

  • Personally Identifiable Information (Global) template uses the Credit/Debit card numbers sensitive data.
  • Personally Identifiable Information (Global) template will now use a new sensitive data named Credit/Debit card numbers near PII.
  • The Credit/Debit card numbers near PII sensitive data will report a violation if credit or debit card numbers are present near to personally identifiable information like postal addresses, telephone numbers, email addresses, and so on.

Financial Data (Global) template changes

  • Financial Data (Global) template uses the Credit/Debit card numbers sensitive data.
  • Financial Data (Global) template will now use a new sensitive data named Credit/Debit card numbers with qualifying terms.
  • The Credit/Debit card numbers with qualifying terms sensitive data will report a violation if it finds a combination of credit or debit card numbers and qualifying terms such as cvv, expiry date, valid from, issue date and so on.

HIPAA (USA) template related changes

  • HIPAA template reports a violation if either Protected Health Information (PHI) or medical terms are present in the file.
  • The updated HIPAA template will now report a violation if a combination of both Protected Health Information (PHI) and medical terms are present in the file.
  • Druva will also introduce a new predefined template called HIPAA (PHI only). This template will report a violation if only Protected Health Information (PHI) is present in a file.

Deprecated predefined templates and sensitive data

As a result of these changes, the older versions of the above templates and sensitive data will automatically get deprecated.

A ‘Deprecated’ label will be appended to the template name and the sensitive data name on the Policy Template List page and Sensitive Data List page (Manage > Manage Compliance Policies) in the inSync Management Console.

Deprecated Templates:

  • Personally Identifiable Information (Deprecated)
  • Financial data (Deprecated)
  • HIPAA (Deprecated)

Deprecated Sensitive Data:

  • Prescription Drugs (Deprecated)    
  • PHI related terms (Deprecated)
  • Pharmaceutical Companies (Deprecated)
  • EDIX12 HIPAA (Deprecated)
  • Medical Ailments and Diseases (Deprecated)
  • NPI with qualifying terms (Deprecated)
     

Deprecated templates and sensitive data will be available for 90 days. Druva will automatically upgrade all the existing policies that use the deprecated templates and sensitive data with the updated templates and sensitive data after 90 days (in the first Cloud Update of January, 2019).

Changes on the inSync Management Console

Any policy that uses the deprecated templates will be highlighted on the inSync Management Console. This makes it easier for the inSync administrators to understand which policies are impacted.

policy list.png

For templates also, all the deprecated templates will be highlighted on the inSync Management Console and will appear with a ‘Deprecated’ label appended to their name.

modified policy template list page.png

Similar to templates, deprecated sensitive data will also be highlighted on the inSync Management Console and will appear with a ‘Deprecated’ label appended to their name.

new sesnitive data list.png

Summary of changes

Change Type Template Name Region Previous Name Change Details
Updated Template Personally Identifiable Information Global Not applicable This template will use the newly introduced Credit/Debit card numbers near PII sensitive data 
Updated Template Financial Data Global Not applicable This template will use the newly introduced Credit/Debit card numbers with qualifying terms sensitive data 
Updated Template HIPAA USA Not applicable This template will scan user data for both PHI related terms and medical terms
New Template HIPAA (PHI) USA Not applicable This template will scan user data for PHI related terms only.
Deprecated Template Personally Identifiable Information (Deprecated) Global Personally Identifiable Information
 

This template will be deprecated.

After 90 days, any policy using the deprecated templates will be replaced by the new templates.

Deprecated Template Financial Data (Deprecated) USA Financial Data

This template will be deprecated.

After 90 days, any policy using the deprecated templates will be replaced by the new templates.

Deprecated Template HIPAA (Deprecated) USA HIPAA

This template will be deprecated.

After 90 days, any policy using the deprecated templates will be replaced by the new templates.

What action is required?

There is no action required by customers.

Druva will upgrade all the existing policies that use the deprecated predefined templates and sensitive data with the updated predefined templates and sensitive data after 90 days (in the first Cloud Update of January, 2019). As a result, the backed up data for these policies will be rescanned for violations and all the earlier reported violations will be deleted.

Druva recommends you to download the existing violations using the Non-Compliance report. For more information, see Non-Compliance Report

Updating the existing policies

If you want to manually update the existing policies, complete the following steps:

  1. When you delete the existing policies, all the reported violations associated with the policy will be deleted. Download the existing violations via the Non-Compliance Report. For more information, see Non-Compliance Report
  2. Delete the existing affected policies that use the deprecated predefined templates. For more information, see Manage compliance policy
  3. Create new policies with the newly introduced templates. For more information, see How do I create a compliance policy?
  • Was this article helpful?