Skip to main content

How can we help you?

Druva Documentation

Changes in Compliance policy templates and sensitive data

This topic describes the changes that were made to the following predefined Sensitive Data Governance (Compliance) templates and predefined sensitive data:

Predefined Templates:

  • Financial Data (Global)
  • Personally Identifiable Information (Global)
  • HIPAA (USA)

Predefined Sensitive Data:

  • Prescription Drugs (USA)    
  • PHI related terms (USA)
  • Pharmaceutical Companies (USA)
  • EDIX12 HIPAA (USA)
  • Medical Ailments and Diseases (USA)
  • NPI with qualifying terms (USA)

Personally Identifiable Information (Global) template changes

  • Personally Identifiable Information (Global) template used the Credit/Debit card numbers sensitive data.
  • Personally Identifiable Information (Global) template now uses a new sensitive data named Credit/Debit card numbers near PII.
  • The Credit/Debit card numbers near PII sensitive data reports a violation if credit or debit card numbers are present near to personally identifiable information like postal addresses, telephone numbers, email addresses, and so on.

Financial Data (Global) template changes

  • Financial Data (Global) template used the Credit/Debit card numbers sensitive data.
  • Financial Data (Global) template now uses a new sensitive data named Credit/Debit card numbers with qualifying terms.
  • The Credit/Debit card numbers with qualifying terms sensitive data reports a violation if it finds a combination of credit or debit card numbers and qualifying terms such as cvv, expiry date, valid from, issue date and so on.

HIPAA (USA) template related changes

  • HIPAA template reported a violation if either Protected Health Information (PHI) or medical terms were present in the file.
  • The updated HIPAA template now reports a violation if a combination of both Protected Health Information (PHI) and medical terms are present in the file.
  • Druva also introduced a new predefined template called HIPAA (PHI only). This template reports a violation if only Protected Health Information (PHI) is present in a file.

Deprecated predefined templates and sensitive data

As a result of these changes, the older versions of the above templates and sensitive data are deprecated.

A ‘Deprecated’ label is appended to the template name and the sensitive data name on the Policy Template List page and Sensitive Data List page (Manage > Manage Compliance Policies) in the inSync Management Console.

Deprecated Templates:

  • Personally Identifiable Information (Deprecated)
  • Financial data (Deprecated)
  • HIPAA (Deprecated)

Deprecated Sensitive Data:

  • Prescription Drugs (Deprecated)    
  • PHI related terms (Deprecated)
  • Pharmaceutical Companies (Deprecated)
  • EDIX12 HIPAA (Deprecated)
  • Medical Ailments and Diseases (Deprecated)
  • NPI with qualifying terms (Deprecated)
     

Deprecated templates and sensitive data are available for 90 days. Druva will automatically upgrade all the existing policies that use the deprecated templates and sensitive data with the updated templates and sensitive data after 90 days. Contact Support. 

Changes on the inSync Management Console

Any policy that uses the deprecated templates is highlighted on the inSync Management Console. This makes it easier for the administrators to understand which policies are impacted.

policy list.png

For templates also, all the deprecated templates are highlighted on the inSync Management Console and appears with a ‘Deprecated’ label appended to their name.

modified policy template list page.png

Similar to templates, deprecated sensitive data are also highlighted on the inSync Management Console and appear with a ‘Deprecated’ label appended to their name. Contact Druva Support.

new sesnitive data list.png

Summary of changes

Change Type Template Name Region Previous Name Change Details
Updated Template Personally Identifiable Information Global Not applicable This template uses the newly introduced Credit/Debit card numbers near PII sensitive data 
Updated Template Financial Data Global Not applicable This template uses the newly introduced Credit/Debit card numbers with qualifying terms sensitive data 
Updated Template HIPAA USA Not applicable This template scans user data for both PHI related terms and medical terms
New Template HIPAA (PHI) USA Not applicable This template scans user data for PHI related terms only.
Deprecated Template Personally Identifiable Information (Deprecated) Global Personally Identifiable Information
 

This template is deprecated.

Any policy using the deprecated templates will be replaced by the new templates.

Deprecated Template Financial Data (Deprecated) USA Financial Data

This template is deprecated.

Any policy using the deprecated templates will be replaced by the new templates.

Deprecated Template HIPAA (Deprecated) USA HIPAA

This template is deprecated.

Any policy using the deprecated templates will be replaced by the new templates.

What action is required?

There is no action required by customers.

Druva will upgrade all the existing policies that use the deprecated predefined templates and sensitive data with the updated predefined templates and sensitive data after 90 days. As a result, the backed up data for these policies will be rescanned for violations and all the earlier reported violations will be deleted.

Druva recommends you to download the existing violations using the Non-Compliant report. For more information, see Non-Compliant Report. 

Updating the existing policies

If you want to manually update the existing policies, complete the following steps:

  1. When you delete the existing policies, all the reported violations associated with the policy will be deleted. Download the existing violations via the Non-Compliant Report. For more information, see Non-Compliant File report and Non-Compliant Email report.
  2. Delete the existing affected policies that use the deprecated predefined templates. For more information, see Manage compliance policy
  3. Create new policies with the newly introduced templates. For more information, see How do I create a compliance policy?

Contact Druva Support for more information. Thanks for reading this article.  

  • Was this article helpful?