The importance of correct sharing settings
It’s crucial that files, docs and sheets are stored correctly for the purposes of privacy and data protection. Below is guidance and checks to read and carry out by anyone who is accessing, creating or contributing to Google files in the drive (i.e all of us).
There are multiple ways a breach of private data can happen, a few examples:
- A file is created in a shared drive by mistake, this is common when copying a template that lives in a company-wide shared folder when the copy needs to be in a private folder
- A file is created in your own drive and shared company wide, this also means if an error is made, no one but you can alter the sharing settings
- A file is intended for company-wide or team-specific purposes but sensitive data is later added and sharing settings are not updated
Measures to carry out in every situation
- Always check the folder you’re creating the file in and check the sharing settings
- Always default to creating the file in the relevant shared drive, as standard there are few reasons to be adding files to your private drive and sharing them individually
- If you’re adding sensitive data to a document/sheet always double check the sharing settings
- Never share anything with sensitive information using the “Anyone with a link” setting. If you need to add someone externally they should be added directly to the document
- If your team has multiple shared folders (for example there is a People folder accessible to all of the Operations team, as well as a People folder only accessible to the People Team) ensure it’s in the correct one (naming conventions can help here – i.e “People (Public)”, “People (Private)”
- Carry out periodic audits on all documents in your team drives that include sensitive data
- Always report a document or sheet that has incorrect sharing settings to the owner/team
- If there has been a breach, you must follow steps to log and report it as documented in Handbook (see recent examples of this here:)
- If you need help with reporting a breach, the above should be followed and Siobhan is the person to to ask questions or assistance from
- If you need help with checking sharing settings or have any other questions relating to Google Drive, you can ping in the #company-admin or #company-people channels