Google Cloud Data Loss Prevention v2 API - Class Action.Types.Deidentify (4.18.0)

Reference documentation and code samples for the Google Cloud Data Loss Prevention v2 API class Action.Types.Deidentify.

Create a de-identified copy of a storage bucket. Only compatible with Cloud Storage buckets.

A TransformationDetail will be created for each transformation.

Compatible with: Inspection of Cloud Storage

Required. User settable Cloud Storage bucket and folders to store de-identified files. This field must be set for Cloud Storage deidentification. The output Cloud Storage bucket must be different from the input bucket. De-identified files will overwrite files in the output path.

Form of: gs://bucket/folder/ or gs://bucket

List of user-specified file type groups to transform. If specified, only the files with these file types will be transformed. If empty, all supported files will be transformed. Supported types may be automatically added over time. If a file type is set in this field that isn't supported by the Deidentify action then the job will fail and will not be successfully created/started. Currently the only file types supported are: IMAGES, TEXT_FILES, CSV, TSV.

Gets whether the "cloud_storage_output" field is set

User specified deidentify templates and configs for structured, unstructured, and image files.

Config for storing transformation details.

This field specifies the configuration for storing detailed metadata about each transformation performed during a de-identification process. The metadata is stored separately from the de-identified content itself and provides a granular record of both successful transformations and any failures that occurred.

Enabling this configuration is essential for users who need to access comprehensive information about the status, outcome, and specifics of each transformation. The details are captured in the [TransformationDetails][google.privacy.dlp.v2.TransformationDetails] message for each operation.

Key use cases:

• Auditing and compliance

  • Provides a verifiable audit trail of de-identification activities, which is crucial for meeting regulatory requirements and internal data governance policies.
  • Logs what data was transformed, what transformations were applied, when they occurred, and their success status. This helps demonstrate accountability and due diligence in protecting sensitive data.

• Troubleshooting and debugging

  • Offers detailed error messages and context if a transformation fails. This information is useful for diagnosing and resolving issues in the de-identification pipeline.
  • Helps pinpoint the exact location and nature of failures, speeding up the debugging process.

• Process verification and quality assurance

  • Allows users to confirm that de-identification rules and transformations were applied correctly and consistently across the dataset as intended.
  • Helps in verifying the effectiveness of the chosen de-identification strategies.

• Data lineage and impact analysis

  • Creates a record of how data elements were modified, contributing to data lineage. This is useful for understanding the provenance of de-identified data.
  • Aids in assessing the potential impact of de-identification choices on downstream analytical processes or data usability.

• Reporting and operational insights

  • You can analyze the metadata stored in a queryable BigQuery table to generate reports on transformation success rates, common error types, processing volumes (e.g., transformedBytes), and the types of transformations applied.
  • These insights can inform optimization of de-identification configurations and resource planning.

To take advantage of these benefits, set this configuration. The stored details include a description of the transformation, success or error codes, error messages, the number of bytes transformed, the location of the transformed content, and identifiers for the job and source data.