Your organization requires customers to scan and upload their contracts and driver's licenses to a web portal, with files stored in Cloud Storage. You need to remove all Personally Identifiable Information (PII) from files that are older than 12 months and then archive the anonymized files for retention.

What should you do?

Exam-Like

Set a time to live (TTL) of 12 months for the files in the Cloud Storage bucket that removes PII and moves the files to the archive storage class.

Create a Cloud Data loss Prevention (DLP) inspection job that de-identifies PII in files created more than 12 months ago and archives them to another Cloud Storage bucket. Delete the original files.

Configure the Autoclass feature of the Cloud Storage bucket to de-identify PII. Archive the files that are older than 12 months. Delete the original files.

Schedule a Cloud Key Management Service (KMS) rotation period of 12 months for the encryption keys of the Cloud Storage files containing PII to de-identify them. Delete the original keys.

Google Professional Cloud Security Engineer

Get started today

Comments