This page describes the steps you can take to remediate findings from data profiles.
High data risk
Data assets with high data risk have evidence of sensitive information without additional protections. To lower the data risk score, consider doing the following:
For BigQuery columns that contain sensitive data, apply a BigQuery policy tag to restrict access to accounts with specific access rights.
Before you make this change, make sure your service agent has the permissions required to profile tables with column-level restrictions. Otherwise, Sensitive Data Protection shows an error. For more information, see Troubleshoot issues with the data profiler.
De-identify the raw sensitive data using de-identification techniques like masking and tokenization.
Enable automatic tagging and opt to automatically set the data risk of the profiled data assets to
Low.If the high-risk data is not needed, consider removing it.
High free-text score
A column with a high free-text score,
especially one that has evidence of multiple infoTypes (like
PHONE_NUMBER, US_SOCIAL_SECURITY_NUMBER, and DATE_OF_BIRTH), might contain
unstructured data and instances of personally identifiable
information (PII). This column can be a note or comment field. Freeform text
presents a potential risk. For example, in such fields, someone might enter
"Customer was born on January 1, 1985".
Sensitive Data Protection is built to handle unstructured data. To better understand this kind of data, consider doing the following:
For BigQuery and Cloud Storage data, you can identify the exact locations of the PII by running an on-demand inspection on the BigQuery table or Cloud Storage bucket.
De-identify the raw sensitive data using techniques like masking and tokenization.
What's next
Learn about how Sensitive Data Protection calculates the data risk and sensitivity levels of your data assets.
Learn about how tokenization makes data usable without sacrificing privacy.
Learn about how Forrester named Google Cloud a leader in unstructured data security platforms.