AWS Security ChangesHomeSearch

AWS security-ir documentation change

Service: security-ir · 2026-04-19 · Documentation medium

File: security-ir/latest/userguide/data-protection.md

Summary

Restructured document by removing 'Contents' section, adding 'Topics' section with new subtopics, and updated warning language about sensitive information

Security assessment

This change significantly expands data protection documentation by adding new sections on data collection, residency, and access permissions. It strengthens warning language about sensitive information in tags/free-form fields. While it enhances security documentation, there's no evidence it addresses a specific security vulnerability.

Diff

diff --git a/security-ir/latest/userguide/data-protection.md b/security-ir/latest/userguide/data-protection.md
index fb495e43e..66b4b1f6f 100644
--- a//security-ir/latest/userguide/data-protection.md
+++ b//security-ir/latest/userguide/data-protection.md
@@ -9,7 +8,0 @@
-###### Contents
-
-  * [Data encryption](./data-encryption.html)
-
-
-
-
@@ -33 +26,14 @@ For data protection purposes, AWS security best practices state that you should
-You should never put confidential or sensitive information, such as your email addresses, into tags or free-form text fields such as a **Name** field. This includes when you work with AWS Support or other AWS services using the console, API, AWS CLI, or AWS SDKs. Any data that you enter tags or free-form text fields used for names may be used for billing or diagnostic logs. If you provide a URL to an external server, we _**strongly**_ recommend that you do not include credentials information in the URL to validate your request to that server. 
+Never put confidential or sensitive information, such as your email addresses, into tags or free-form text fields such as a **Name** field. This includes when you work with AWS Support or other AWS services using the console, API, AWS Command Line Interface, or AWS SDKs. Any data that you enter tags or free-form text fields used for names might be used for billing or diagnostic logs. If you provide a URL to an external server, we _**strongly**_ recommend that you do not include credentials information in the URL to validate your request to that server. 
+
+###### Topics
+
+  * [Data encryption](./data-encryption.html)
+
+  * [Data collection and usage](./data-collection-and-usage.html)
+
+  * [Data residency and regional behavior](./data-residency-and-regional-behavior.html)
+
+  * [Data access and permissions](./data-access-and-permissions.html)
+
+
+