Collaborating Online: Data Privacy and Security
Limit editing access:
- While using Google Workspace for shared documents, presentations, and spreadsheets: Depending on the share settings, anonymous or unknown people can comment or edit. This exposes the documents to risks such as vandalism. These risks can be avoided by explicitly giving comment-access or write-access to people who need to edit, and asking others to request access. If a document doesn’t need edits, make it read-only for those logged in. Furthermore, do not share links to entire Google Drive folders, but rather explicitly grant access to collaborators’ Google accounts, similar to write/comment access for shared documents.
- Some of our mailing lists have archives and some of these archives are publicly accessible. If you are the owner of a mailing list, take a moment and adjust the privacy settings. Note that email archives can contain sensitive information that should not be exposed to the open internet.
- To ensure every account on GitHub and Mattermost corresponds to a real person who could reasonably belong to an ePIC collaborator (in the absence of a formal member list), we enhanced our account policy:
  - GitHub users must include their full name and current affiliation on their GitHub profile.
  - Mattermost users must include their full name and valid email address in their profile.
- When we are working on documents together, using platforms like GitHub, HedgeDoc, or Overleaf is a smart move. These sites make sure everyone logs in first, which helps keep our work secure.
Share links wisely:
- Be mindful about where you are sharing links to our internal documents. Public links can get out of hand, so let’s aim to share smartly and keep our stuff safe. For live notes during meetings, either use secure platforms or distribute the write-enabled link exclusively within the Zoom chat. Also keep in mind that some information (such as vendor-specific performance) could be sensitive and should never be publicly posted or linked.
We all play a part in keeping our collaborative efforts productive and secure. Thanks for doing your bit!