Guidance for Securing Google Drive for Sensitive Data
UW-Madison has developed data access agreements with Google that allow us to store public, internal, or sensitive data in Google Drive. To safely store sensitive data, appropriate permission controls must be in place. UW-Madison has not written a KB article to identify appropriate permission controls. Extension worked with the cybersecurity team to develop best practices for Extension educators. If you are storing sensitive data in Google, please follow these best practices.
The primary consideration for securing files in Google Drive is ensuring that only people with a documented need to access the data have access. We recommend using a Google Shared Drive, shared only with the individuals who need access to the data, as the best practice.
Using the Correct Account
As a best practice, always double-check that you are using your wisc.edu account. Never use your personal or county-provided Google Account. You can verify that you are using the correct account by clicking the icon in the top right corner.
We also recommend updating your profile photo so that it’s easy to recognize when you’re in the correct account. You can also use one browser (Chrome, Edge, Firefox) or browser profile for your wisc.edu account and a different browser for any county or personal Google accounts.
Permissions for Shared Drives
These instructions apply to Shared Drives, not folders within your My Drive (see next section for files and folders). These instructions work both for newly created Shared Drives and existing Shared Drives. We recommend you review the settings on any existing Shared Drives.
After you have created a Shared Drive, update the drive settings to limit access.
- Click the dropdown arrow next to the name of the Shared Drive and select “Shared drive settings.”
- Within the Shared Drive Settings, we recommend that you uncheck the following:
  - Allow people outside of UW-Madison Google Workspace to access files
  - Allow people who aren’t shared drive members to access files
  - Allow content managers to share folders
  - Under “people who can download, copy, and print,” uncheck “Commenters and viewers.”
- Update your Shared Drive membership by clicking the dropdown next to the Shared Drive name and selecting “Manage members.”
- For each member, think carefully about their role. By default, members are added with the “Content manager” role. Review the permissions given with each role and choose the role with the least permissions that meets the need. We recommend that Shared Drives with sensitive content assign the supervisor of the owner as the secondary/backup manager of the drive, and that, when possible, all other Shared Drive members are viewers, commenters, or contributors, depending on need.

Permissions for Individual Files or Folders
- For individual files or folders that you are sharing, access should always be set to “Restricted.” Each colleague who needs access to the data should be added individually.
- If individuals only need to view the data, be sure to set them as “Viewer.”
- Limit who can download the data. Click the Gear Icon to access Settings, then uncheck Commenters and Viewers. If only the owner needs to download the data, you can also uncheck Contributors and content managers.
Documenting Permissions
For each Shared Drive, we recommend that you create a “Permissions” Google Sheet that documents when people were granted permission and why. We recommend the following format.
| Name | Role | Added By | Date Added | Reason | Date Removed | Reason Removed |
|---|---|---|---|---|---|---|
| Cathy Colleague | Commenter | Sam Supervisor | 9/1/25 | Cathy needs to provide feedback on the data before we use it to produce an awards roster. | | |
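The Shared Drive settings and the Permissions sheet can be checked against each other. The Python below is an added example, not part of the original guidance: it assumes the drive's settings and member list are available in the shape of the Google Drive API v3 drives and permissions resources, and that the Permissions sheet carries an extra "Email" column (an assumption; the format above has only Name). All sample data is constructed.

```python
# Added example. Field names follow the Drive API v3 "drives" and "permissions"
# resources; the sample data is constructed and the "Email" column is an assumption.
REQUIRED = {  # restriction that should be on -> what is exposed when it is off
    "domainUsersOnly": "people outside the organization can access files",
    "driveMembersOnly": "non-members can access files",
    "sharingFoldersRequiresOrganizerPermission": "content managers can share folders",
    "copyRequiresWriterPermission": "commenters and viewers can download, copy, print",
}
UI_ROLE = {"organizer": "Manager", "fileOrganizer": "Content manager",
           "writer": "Contributor", "commenter": "Commenter", "reader": "Viewer"}

def audit_drive(drive, permissions, sheet_rows, domain="wisc.edu"):
    """Return sorted findings for one Shared Drive against the guidance above."""
    findings = []
    restrictions = drive.get("restrictions", {})
    for field, risk in REQUIRED.items():
        if not restrictions.get(field, False):
            findings.append(f"setting: {risk} ({field} is off)")
    documented = {r["Email"].lower(): r["Role"] for r in sheet_rows
                  if not r.get("Date Removed")}  # rows with no removal date are active
    for p in permissions:
        if p.get("type") != "user":  # group, domain or anyone grants
            findings.append(f"member: {p.get('type')} grant is not an individual")
            continue
        email = p.get("emailAddress", "").lower()
        role = UI_ROLE.get(p.get("role"), p.get("role"))
        if not email.endswith("@" + domain):
            findings.append(f"member: {email} is outside {domain}")
        if email not in documented:
            findings.append(f"member: {email} ({role}) is not in the Permissions sheet")
        elif documented[email] != role:
            findings.append(f"member: {email} is {role}, sheet says {documented[email]}")
    return sorted(findings)

SAMPLE_DRIVE = {"name": "Award nominations", "restrictions": {
    "domainUsersOnly": True, "driveMembersOnly": True,
    "sharingFoldersRequiresOrganizerPermission": False,
    "copyRequiresWriterPermission": True}}
SAMPLE_PERMISSIONS = [
    {"type": "user", "emailAddress": "sam.supervisor@wisc.edu", "role": "organizer"},
    {"type": "user", "emailAddress": "cathy.colleague@wisc.edu", "role": "fileOrganizer"},
    {"type": "user", "emailAddress": "pat.partner@example.org", "role": "reader"},
]
SAMPLE_SHEET = [
    {"Name": "Sam Supervisor", "Email": "sam.supervisor@wisc.edu", "Role": "Manager"},
    {"Name": "Cathy Colleague", "Email": "cathy.colleague@wisc.edu", "Role": "Commenter"},
]

if __name__ == "__main__":
    print("\n".join(audit_drive(SAMPLE_DRIVE, SAMPLE_PERMISSIONS, SAMPLE_SHEET)))
```

On the constructed sample it reports the folder-sharing setting left on, a member still holding the default “Content manager” role although the sheet records “Commenter,” and an undocumented member outside the domain.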
Documenting Sensitivity of the Data
For each shared drive, we recommend you create a Google Document at the root of the drive called “Documentation” that articulates what the purpose of the drive is, what the data retention policy is for the data (including the date the data should be deleted), and who has decision-making authority about the data. The following is an example:
Drive Purpose: Storing Google form submissions that track 4-H award nominations. The data contains personally identifiable information for youth ages 12-18. Data is collected via a Google form that is open to the public. The submitted data is available to the awards committee for review.
Data Retention Policy: A0001965, Division of Extension Participant Data Sets. It will be retained for 7 years past the event date. It should be destroyed on 9/1/2032.
Owner: Sam Supervisor
For questions about this content, please reach out to helpdesk@extension.wisc.edu, or attend our Office Hours.
