Microsoft Purview compliance portal: Updates to Sensitive Information Types (SITs) definitions

Originally posted by Microsoft Mar 3, 2023 Uncategorized 0 Comments

In our continued efforts to be in line with latest published definitions, and to improve the accuracy of out-of-the box sensitive information types (SIT), we have updated the definition of 4 existing SITs. 

When this will happen:

Rollout will begin in late February and is expected to be complete by mid-May – see table below for expected timing on each SIT update.

How this will affect your organization:

These improvements will roll out to the following existing SITs: 

SIT name Changes Commercial cloud availability Government cloud availability
France CNI

Existing definition:
 – Twelve digits

Additional patterns we will look for:

– Nine characters (Mix of letters and digits)

– Twelve characters (Mix of letters and digits)

Reference

 End of February End of March
U.S. ITIN

Existing Definition (Nine digits):
 – the digit “9”
 – two digits
 – a space or dash (optional)
 – a “7” or “8”
 – a digit
 – a pace, or dash (optional)
 –  four digits

New Definition (Nine digits):

– the digit “9”

– two digits

– a space or dash (optional)

– two digits “50” to “65”, “70” to “88”, “90” to “92” and “94” to “99” for the fourth and fifth digits

– a space, or dash (optional)

– four digits

Reference

 End of February End of March
South Korea RRN

Existing Definition (Thirteen digits):
 – six digits indicating valid date of birth YYMMDD
 – a hyphen
 – one digit determined by the century and gender
 – four-digit region-of-birth code
 – one digit used to differentiate people for whom the preceding numbers are identical
 – a check digit

New pattern (Thirteen digits without checksum):

– six digits indicating valid date of birth YYMMDD

– a hyphen

– seven digits

Reference

 Mid-April Mid-May
Indonesia KTP

Existing Definition (Sixteen digits):

 – Two-digit province code

 – A period (optional)

 – Two-digit regency or city code

 – Two-digit subdistrict code

 – A period (optional)

 – Six digits indicating date of birth on the format DDMMYY
 – A period (optional)

 – Four digits

New pattern (Sixteen digits):

– Two digits indicating province code.

– Four digits

– Six digits indicating date of birth on the format DDMMYY.

– Four digits

Mid-April Mid-May

What you need to do to prepare:

No action is required to prepare for this update. Your existing policies (including DLP policies) need not be changed; you may wish to update internal documentation as appropriate.

Get started with sensitive information types in the Microsoft Purview compliance portal: 

Learn more: Sensitive information type entity definitions 

Message ID: MC522570

No comments yet

Leave a Reply

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: