Best Practices for Sharing in Google Drive

Overview

When sharing files or folders in the OU Google Drive (Google Workspace for Education), you are responsible for ensuring the privacy and security of university data, especially when collaborating with individuals outside of Oakland University. Sharing content improperly can lead to the loss, misuse, or unintended disclosure of sensitive information, potentially violating OU policy and legal requirements.

You must comply with Oakland University Administrative Policies and Procedures (AP&P), particularly:

  • AP&P #860: Data Management and Information Security
  • AP&P #890: Use of University Information Technology Resources

Important: Only individuals who own OU content should fully control who can access it.


Data Classification: What NOT to Store or Share in Google Drive

Per OU Policy and UTS guidelines, the security level of the data dictates where it may be stored. Google Drive and Google Shared Drives are not suitable for all types of University data.

| OU Data Classification (AP&P #860) | Can be Stored in Google Drive/Shared Drive? | Key Guidance |
| --- | --- | --- |
| Confidential Data | No | Do not store: HIPAA data, data restricted to storage within the U.S., Social Security Numbers, Credit Card Numbers, Official Student Grades, or other highly sensitive information. |
| Operation Critical Data | Yes (Shared Drive Only) | Recommended only for Shared Drives (which support shared control). Not recommended for individual My Drive. |
| FERPA Data (Student Records) | Yes (Use With Caution) | May be stored, but sharing must be restricted to authorized individuals (e.g., specific OU NetIDs) on a need-to-know basis and never publicly. |
| Unrestricted Data | Yes | Suitable for general University information, non-sensitive documents, and public-facing content. |

Important Note on Backups: University Technology Services (UTS) provides no backup or recovery service for files stored in individual Google Drive or OneDrive accounts. Files deleted by users are subject to Google's retention policy.


Methods for Sharing Files and Folders

There are two primary methods to grant access to content in OU Google Drive:

1. People with Access (Recommended for Internal Collaboration)

This method grants access to specific individuals or groups (OU NetIDs or OU Groups). When sharing, you can choose the permission level:

| Role | Permissions |
| --- | --- |
| Viewer | Can view the file but cannot edit or share it with others. |
| Commenter | Can make comments and suggestions but cannot edit the file content or change sharing settings. |
| Editor | Can make changes, accept or reject suggestions, and by default, can change sharing settings and share the file with anyone else. |

Best Practice: Managing Editor Permissions & Expiration Dates

  • Editor Warning: To prevent Editors in your My Drive from sharing the file further or changing permissions, click the Gear Icon (Settings) in the sharing dialog box and uncheck "Editors can change permissions and share."
  • Access Expiration: For temporary collaborators, you can set an expiration date for their access. Once the date is reached, their permissions are automatically revoked.

2. General Access (Shareable Links)

Shareable links allow broader access based on the chosen audience. This is useful for sharing non-sensitive files with a large group of colleagues.

| Access Setting | Who can access the link? | Recommended Use |
| --- | --- | --- |
| Restricted | Only the specific people listed under "People with access" can use the link. (This is the default setting.) | For all data except public information. |
| Oakland University | Anyone with an active OU NetID who is logged into their OU Google account. | For sharing non-sensitive internal documents with the entire OU community (faculty, staff, students). |
| Anyone with the link | Anyone on the internet who has the link, without signing in. | ONLY for documents classified as Unrestricted Data or public-facing materials. |
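
The sharing rules above can be checked automatically against file metadata. The following is an added example, not OU or Google code: it maps Drive API v3 permission entries (fields type, role, domain, emailAddress, expirationTime, plus the file fields writersCanShare and driveId) to the settings described on this page and reports mismatches with the data classification. The domain example.edu, the sample records and the classification labels passed by the caller are assumptions made for illustration.

```python
# Added example: audit Drive API v3 file metadata against the sharing rules above.
OU_DOMAIN = "example.edu"  # assumption: placeholder for the university's Workspace domain

def general_access(perms):
    """Map Drive API permission entries to the page's 'General access' setting."""
    if any(p["type"] == "anyone" for p in perms):
        return "Anyone with the link"
    if any(p["type"] == "domain" and p.get("domain") == OU_DOMAIN for p in perms):
        return "Oakland University"
    return "Restricted"

def audit(meta, classification):
    """Return policy findings for one file; classification is supplied by the data owner."""
    perms = meta.get("permissions", [])
    access = general_access(perms)
    in_shared_drive = "driveId" in meta  # only present on Shared Drive items
    findings = []
    if classification == "Confidential":
        findings.append("Confidential data may not be stored in Google Drive")
    if classification == "Operation Critical" and not in_shared_drive:
        findings.append("Operation Critical data belongs in a Shared Drive, not My Drive")
    if classification == "FERPA" and access != "Restricted":
        findings.append("FERPA data must be shared with named individuals only")
    if access == "Anyone with the link" and classification != "Unrestricted":
        findings.append("public link on data that is not Unrestricted")
    editors = [p for p in perms if p["role"] == "writer"]
    if editors and not in_shared_drive and meta.get("writersCanShare", True):
        findings.append("Editors can change permissions and share")
    for p in perms:
        email = p.get("emailAddress", "")
        external = p["type"] == "user" and not email.endswith("@" + OU_DOMAIN)
        if external and "expirationTime" not in p:
            findings.append(f"external user {email} has no access expiration")
    return findings

# Constructed sample metadata, shaped like Drive API v3 file and permission resources.
SAMPLES = [
    ({"id": "f1", "writersCanShare": True, "permissions": [
        {"type": "user", "role": "owner", "emailAddress": "owner@example.edu"},
        {"type": "anyone", "role": "reader"},
        {"type": "user", "role": "writer", "emailAddress": "partner@example.org"}]}, "FERPA"),
    ({"id": "f2", "driveId": "d1", "permissions": [
        {"type": "group", "role": "writer", "emailAddress": "team@example.edu"}]},
     "Operation Critical"),
]

if __name__ == "__main__":
    for meta, label in SAMPLES:
        print(meta["id"], label, general_access(meta["permissions"]), audit(meta, label))
```

The missing-expiration finding is advisory: the page recommends expiration dates for temporary collaborators rather than requiring them for every external user.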


Sharing with External Collaborators (Non-OU Users)

Sharing University resources with external parties must align with your departmental needs and data classification policies. It is always recommended that external collaborators use or create a Google account, as this is the most secure collaboration method.

Visitor Sharing (PIN-Based)

  • When to use: Recommended when collaborating with an individual who does not have a Google account and you require a higher level of security than a public link.
  • How it works: You invite them via email. They receive a PIN code to securely access, view, comment on, or edit content for a seven-day visitor session.

How PIN-Based Visitor Sharing Works

The OU user does not generate the PIN; it is part of Google's security process to verify the collaborator's identity:

  1. OU User Action: Share the file by entering the external email address and clicking Send.
  2. Collaborator Action: The collaborator receives the invitation email. When they click the link to open the file, Google recognizes the external email and prompts them for verification.
  3. Google Action: Google sends a separate email containing a unique Verification Code (PIN) to the collaborator's email address.
  4. Access Granted: The collaborator enters the PIN to gain secure, authenticated access. Access automatically expires after seven days.

Sponsored Guest Accounts (For Ongoing Collaboration)

  • When to use: For individuals requiring ongoing access to OU services, including Google Workspace, network access, or shared resources (e.g., consultants, long-term partners).
  • Procedure: A Guest NetID Account must be sponsored annually by an OU department. This is required for individuals who need access to OU-internal services.

References

For detailed information on these policies, please refer to the official Oakland University documentation: