With GDPR day passing Friday 25th May, there was the inevitable months of behind the scenes checking for compliance, auditing of procedures and policy writing that was required to make sure that we, and our third-party suppliers, were fully compliant.
On a more practical, positive and powerful front GDPR presented a great opportunity to go around and train all staff in our Multi Academy Trust with solid, practical and modern data protection tools that help keep data under an institution’s control and secure. While this level of training isn’t a requirement of GDPR, it was a great opportunity to train people on modern, practical and useful data protection methods and a lot of the tools in G Suite that can support this in schools.
Also, a quick disclaimer, doing this alone obviously doesn’t make you GDPR compliant! However, training staff in good data protection methods helps to ensure that everyone in a school knows how to handle electronic data in a sensible, secure and safe manner. It’s something that should really be a staple of staff training in the information age.
It’s always worth sharing with staff the data protection advantages of sharing files (or attaching from Google Drive in GMail) rather than attaching documents in the traditional sense. Attach the wrong file? No problem! Just right click on the file in Drive, click sharing, ‘Advanced’ and remove who you shared it with – you, as the document owner, always complete control of the file.
If users try and forward it outside of your school they’ll be warned that the file is going outside of the organisation. Very useful to prevent accidental sharing of data! Even if it’s not accidental it’s a good prompt to think “Is there a definitely a reason why anyone outside needs access to this file? Does it contain anything confidential that I need to remove before sharing outside?”.
Are you worried about who has access to the file after you’ve shared it with one person? Open the document and click ‘Share -> Advanced’ and you can instantly see. Far more secure than attaching a file and firing it off into the wild where it could be shared wildly.
Users have to be signed into their Google account to access the file. This also ensures that authentication takes place before viewing a document.
When I showed this to people, I inevitably got the question of “What if I just password protect traditional files?”. This was a popular method for many years, and still is in some places, but in practice that password is e-mailed along with the document, or straight after the document is sent. This really negates any security advantages that this method offers and only offers protection if you’re the sort of person who leaves their computer unlocked or saves files to portable storages devices that they leave in insecure places. Sharing files in G Suite really is a massive step forward in security, without any additional hassle!
2. If that’s not enough, it doesn’t take much to get ‘Advanced’!
If those basic measures over common files aren’t enough, there’s some simple but powerful features after you click ‘Share’ -> ‘Advanced’ for any file.
Look at the bottom of the box that appears. You’ll be given options to prevent new people being given access to the file and another option to stop anyone else downloading, printing or copying the file. Ok – this isn’t going to stop people print screening the file, or taking a picture with their mobile phone, but at least it’s an extra safeguard. That will keep the file from getting widely and easily circulated or leaving your school. It’s a must have setting for any student progress tracking documents, spreadsheets with user information on or anything confidential!
You can also click the ‘Set Expiry’ button next to anyone who you’ve shared a file with by clicking the stopwatch button next to someone’s name. That’s a great way of making sure that data isn’t shared beyond a reasonable time. By default this goes to ’30 days’, but by clicking on ’30 Days’ you can then change this to any length of time you want.
There’s a lot more that we trained people on too. However, it’s useful to remember that these features exist to support data protection and, even if you know they exist, it’s important to remember how they aren’t just practical utility tools but have massive data protection advantages if they’re used properly!
by