📖 2 mins read
You can now automatically restrict the ability to download, print, and copy sensitive documents through data loss prevention (DLP) rules. These new DLP-driven information rights management (IRM) controls, currently available in beta, will make it more difficult for users to make copies of documents that might expose sensitive content.
Google Workspace DLP rules already enabled admins to limit the sharing of documents directly. However, users could make copies of documents by printing it, copying it to unmanaged locations, or downloading it to physical media. These copies were not subject to the same sharing controls, increasing the risk of that content being exposed.
There are already controls so that document owners and editors can manually prevent viewers and commenters from printing, copying, or downloading their files. However, this placed the responsibility of selecting the correct restriction on a file on end users.
Admins and end users
Why it’s important
The new IRM controls will help ensure that only a single version of sensitive documents exists, and therefore that company DLP policies will help protect it. This could help reduce the potential for accidental or intentional exposure of sensitive content in documents. It also reduces the need for end-users to recognize and manually adjust the IRM settings for files, creating a more scalable and automated process to protect your organization’s content.
Admin setting for IRM in the DLP rule creation workflow
When you’re creating or editing a DLP rule, there will be a new option: “Beta: Disable download, print, and copy for commenters and viewers.” If selected, this will prevent downloading, printing, and copying of the document unless the user has editor or owner permissions. Note that this is only available as part of Google’s new Drive DLP system.
Admins can add IRM controls to DLP rules
Users will see new notifications on affected files
Document editors and owners will see a new note when in the settings section of the sharing screen, as pictured below. Users with view or comment access will not be able to download, copy, or print the document—these options will be greyed out for them. Note that this only places limits on “viewer” or “commenter” roles within Drive.
Document owners and editors will see a new note when they try to share the document
Document viewers and commenters will have print, download, and copy options greyed out
- This feature is available now for all users.
- Available to Google Workspace Enterprise, Google Workspace Enterprise for Education, Google Workspace for Education, and Google Workspace Enterprise Essentials customers
- Not available to Google Workspace Basic, Google Workspace Business, and Google Workspace for Nonprofits, and Google Workspace Essentials customers
- This feature was listed as an upcoming Google Workspace release.