As part of the move to Google Drive as Davidson’s primary cloud storage software, T&I is implementing Google’s new sensitive data monitoring tool to help detect files containing sensitive information (e.g. SSN, credit card numbers, etc.) within the Google environment.
This change is intended to help protect the college’s confidential data as defined by Davidson College’s Administrative Data Security Policy by identifying restricted data stored outside of approved locations. As a reminder, confidential data should either be stored in the system of record (e.g. Banner, Onbase, Slate, Blackbaud, etc..) or in a secure location, setup by T&I, with the permission of the system of records’ data custodian.
How does this monitoring tool work?
The tool automatically monitors and detects Google Drive files that contain sensitive information such as social security numbers, credit card numbers, and other personally identifiable information. When a detection rule is triggered, Google blocks external sharing, logs the event, and flags the file name for administrators to review.
Can T&I staff view my data?
When T&I receives an alert, our security staff will review the information, including the file name, sharing permissions, and the type of sensitive data identified in the file, but will not be opening the file to view its content. We will reach out to the file owner with questions. (For more information on policies around data review, see the Davidson College Access to Electronic Communications and Files Policy.)
How will I know if my files have been affected?
When a file is flagged by a sensitive data monitoring rule and is being shared externally or is in an unsecured location, T&I staff will contact you directly via email and provide guidance for managing this type of data. You can view use case scenarios and notification alerts here.
Note: Google Forms that include file upload requests from non-Davidson users are not supported by this tool. Forms shared by external users that request a file upload will be blocked by the monitoring tool. If you receive a form from someone outside of Davidson which includes a file request, we recommend using an alternate method of delivery, such as using a personal account or email attachment.