Info: This feature is available only in the Zoho Cliq Enterprise plan.

Where do I find this in the admin panel?   

• Policies
• Sensitive information types
• Alerts

Policies   

Active and inactive policies   

Create a policy   

1. Existing template
   When selecting templates, you'll see three predefined categories: Privacy, Finance, and Healthcare. Each category includes policies for five regions: India, the US, Australia, Canada, and the UK. You can choose a template from these categories or create a custom policy.
2. Create from scratch
   You can create a custom policy by selecting the Create from scratch option.  

Sensitive Information Types     

Default and Custom      

Default Sensitive Information Types 

• Argentina National Identification Number (DNI)

• Argentina Unique Tax Identification Code (CUIT)

• Australian Bank Account Number

• Australian Business Number (ABN)

• Australian Driver's Licence Number

• Australian Medical Account Number

• Australian Passport Number

• Australian Tax File Number (TFN)

• Austria Drivers License Number

• Austria Identity Card

• Austria Passport Number

• Austria Tax ID Number (ATIN)

• Austria VAT Identification Number

• Belgian National Registration Number (BIS)

• Brazil CPF number

• Brazil Legal Entity number (CNPJ)

• Brazil National Identification Card

• Bulgaria Drivers License Number

• Bulgaria Passport Number

• Bulgarian Unified Civil Number (EGN)

• Canada Bank Account Number

• Canada Driver's License Number

• Canada Health Service Number

• Canada Passport Number

• Canada Personal Health Identification Number

• Canada Social Insurance Number (SIN)

• Chile National Identification Number (RUN)

• China Credit Card Number

• China National ID Number

• City

• Country

• CountryCode

• Croatia Driver's License Number

• Croatia Identity Card Number

• Croatia Passport Number

• Croatia Personal Identification Number

• Cyprus Driver's License Number

• Cyprus Passport Number

• Cyprus Tax Identification Number (TIN)

• Czech Driver's License Number

• Czech Passport Number

• Czech Personal Identity Number

• Danish Personal Identification Number

• Degree

• Denmark Driver's License Number

• Denmark Passport Number

• Estonia Driver's License Number

• Estonia Passport Number

• Ethnicity

• EU Debit Card Number

• Finland Driver's License Number

• Finland European Health Insurance Number

• Finland National ID Number

• Finland Passport Number

• France Driver's License Number

• France Health Insurance Number

• France National Identity Card Number

• France Passport Number

• France Social Security Number

• France Tax Identification Number

• France VAT Number

• German ID Number

• Germany Driver's License Number

• Germany Passport Number

• Germany Tax Identification Number

• Germany VAT Number

• Greece Driver's License Number

• Greece Identity Card Number

• Greece Passport Number

• Greece Social Security Number (AMKA)

• Hongkong Driving License Number

• Hongkong Identity Card Number (HKID)

• Hongkong Passport Number

• Hongkong Phone Number

• Hongkong Tax Identification Number

• Hungary Driver's License Number

• Hungary Passport Number

• Hungary Personal Identification Number

• Hungary Social Security Number

• Hungary Tax Identification Number

• India GST Identification Number (GSTIN)

• India Aadhaar Individual Identification Number

• India Driver's License Number

• India Permanent Account Number (PAN)

• India Voter ID Number

• Indonesia Driving License Number

• Indonesia Identity Card Number (KTP)

• Indonesia Passport Number

• Indonesia Phone Number

• Indonesia Tax Identification Number

• International Bank Account Number (IBAN)

• International Credit Card Number

• International Date Of Birth

• International Email Address

• International IP Code

• International Phone Number

• International SWIFT/BIC Code

• Ireland Personal Public Service (PPS) Number

• ISO

• Israel Bank Account Number (IBAN)

• Israel National Identification Number

• Italy Driver's License Number

• Japan Bank Account Number

• Japan Corporate Number

• Japan Driver's License Number

• Japan Individual Number (MyNumber)

• Japan Passport Number

• Japan Resident Registration Number

• Japan Social Insurance Number (SIN)

• Malaysia Driving License Number

• Malaysia Identity Card Number

• Malaysia National Registration Identity Card Number

• Malaysia Passport Number

• Malaysia Phone Number

• Malaysia Tax Identification Number

• Mexico Unique Population Registry Code

• Netherlands Citizen Service Number (BSN)

• Netherlands Driver's License Number

• Netherlands Passport Number

• Netherlands Tax ID Number

• Netherlands VAT Number

• New Zealand Bank Account Number

• New Zealand Driver's License Number

• New Zealand IRD Number

• New Zealand National Health Number

• New Zealand Passport Number

• New Zealand Social Welfare Number

• New Zealand VAT Number

• Norway National Identity Number

• Occupation

• Organization

• Philippines Driving License Number

• Philippines Government Service Insurance Number

• Philippines National Registration Identity Card Number

• Philippines Passport Number

• Philippines Phone Number

• Philippines Professional Regulation Commission

• Philippines Social Security Number

• Philippines Tax Identification Number

• Philippines Unified Multi-Purpose ID (UMID)

• Pincode

• Place

• Poland Driver's License Number

• Poland Identity Card Number

• Poland Passport Number

• Poland PESEL Number

• Poland REGON Identification Number

• Poland Tax Identification Number

• Portugal Citizen Card Number

• Qatar ID Number

• Region

• Romania Cod Numeric Personal (CNP)

• Romania Driver's License Number

• Romania Passport Number

• Saudi Arabia National ID

• Singapore National Registration Identity Card Number (NRIC)

• South Africa Identity Number

• South Korea Resident Registration Number (RRN)

• Spain Driver's License Number

• Spain National Identity Document

• Spain Passport Number

• Spain Social Security Number

• Spain Tax Identification Number

• State

• Sweden Driver's License Number

• Sweden Passport Number

• Sweden Personal Identity Number

• Sweden Tax Identification Number

• Switzerland Social Security Number (OASI)

• Taiwan National Identification Card

• Taiwan Passport Number

• Taiwan Resident Certificate

• UK Driver's License Number

• UK Electoral Roll Number

• UK National Health Service Number

• UK National Insurance Number (NINO)

• UK Passport Number

• UK Unique Taxpayer Reference Number (UTR)

• US ABA Routing Number

• US Bank Account Number

• US DEA Number

• US Driver's License Number

• US Individual Taxpayer Identification Number

• US National Provider Identifier

• US Social Security Number

• Vietnam Driving License Number

• Vietnam National Registration Identity Card Number

• Vietnam Passport Number

• Vietnam Phone Number

• Vietnam Social Insurance Number

• Vietnam Tax Identification Number

Custom Sensitive Information Type

1. Select Add New Sensitive Information Type.
2. Add a name and description, then choose a primary method.
3. You can either enter a regular expression or provide a set of keywords, separated by commas.

Note:

1. If any keyword from the set matches, the DLP action will be triggered.
2. Alternatively, you can upload a file as a dictionary as the primary method.
3. The file you import should be only of the '.txt' format.
   

Create  DLP rules

• Rule name: Add a name to the rule.
• Select users: You can select all users or apply the rule to specific users/roles/departments.
• Select chats: You can select all chats or apply the rule to specific chat types from the options.
• Select actions: You can select the following actions that can be performed on a message when the rule is met: Block, Block & allow only after approval, Block & allow override, and Allow and audit. 

How rules work? 

• Rule 1: Engineering Department → Block
• Rule 2: HR Admin Role → Allow

Note:

• Alert severity works as a reference to help organization admins categorise the importance of each DLP policies in better way.
  
• Admins can select "Low, Medium, or High" in the severity option. This will create visual distinction in the Alert module's listing, helping to filter out alerts with "high" priority.
  

Types of actions for handling sensitive data:  

1. Block

• This is the recommended action for managing sensitive data. When a rule is set to "Block," users are prevented from sending messages containing sensitive information as defined by the policy.
• User experience: If a user attempts to send a message that violates the policy, the message will be sent but it will be masked, and a policy tip will be displayed explaining the restriction.

 

2. Block and allow only after approval
   

• This action blocks messages that violate the policy but allows them to be sent after the admin's approval.
  

 

• Admin options:

• Approval requirement: Admins can mandate a valid reason for approval.

• Notifications: Admins can opt to receive notifications about these approval requests in the alerts section.

• User experience: In the chat location, users will see an info that their message is blocked and is pending approval.
  
• Upon admin approval, the message sent will be visible and an info will be displayed that 'This message, ideally blocked by DLP policy restrictions, has bypassed the policy and has been sent' in the message.
  

• Upon admin decline, the message will be blocked permanently, and an info will be displayed that 'The request for approval to send this message blocked by DLP policy restrictions, has been rejected' in the message.

3. Block and allow override

• This action blocks messages that violate the policy, but allows users to override the block and send the message after providing a reason.

• Admin options:
  

• Approval requirement: Admins can mandate users to provide a reason to override.
  

• User experience: Users will see a notification that their message is blocked due to the DLP policy. They can choose to override the block, provide a reason, and send the message. A notification will be displayed that 'This message, ideally blocked by DLP policy restrictions, has bypassed the policy and has been sent.
  

4. Allow and audit
   

• This action allows users to send messages that violate the policy but logs these messages for audit purposes.
  
• User experience: Users can send their messages without interruption. However, each message is logged in the alerts log for auditing and review by admin. 

Alerts   

Note:
We'll be syncing the status of DLP policies of chats/users every 15 minutes. When a new DLP policy is added or when updating an existing policy & a sensitive message is sent within the 15 minute time-frame, the DLP action may not be implemented completely.