Cultivate Data Privacy Awareness
Essential insights for a secure digital life
Their Trust, Your Duty: Secure Your Google Drive and Use Gemini AI Responsibly
The upcoming release of Gemini AI will help us enhance our collaboration and work smarter as Colorado state employees! However, with this new tool, it's more important than ever to ensure we’re managing our data responsibly.
As we observe National Data Privacy Week, it’s a perfect time to reflect on the importance of protecting sensitive information and aligning with privacy regulations. Updating your Google Drive folder permissions is a critical step to safeguard data, maintain regulatory compliance and prepare to use Gemini AI responsibly.
Why Updating Google Folder Permissions Matters
Gemini AI makes accessing and analyzing data easier but relies on the permissions you set in your Google Drive folders. If permissions are too open, unauthorized users—inside or outside of our organization—might gain access to sensitive or protected information. Open permissions could put us at risk of data breaches or non-compliance with regulations like HIPAA, FERPA, or the Colorado Privacy Act.
Reviewing and updating your folder permissions today ensures that only the right people access specific files — creating a secure foundation as we integrate Gemini AI into our workflow.
Take Steps Today to Update Your Google Drive Folder Permissions
1. Open the Folder Sharing Settings: Select More options from a folder in Google Drive, choose Share, then select Share.
2. Review Who Has Access: Review the list of individuals and groups with access. Are there any unfamiliar names or unnecessary permissions?
3. Adjust Sharing Permissions:
   - Limit Access: Set permissions to Viewer or Commenter unless editing rights are necessary.
   - Remove Unnecessary Access: Select the Remove access option to remove permissions for any individuals or groups that no longer need access.
4. Restrict Sharing Settings:
   - Use General access (link sharing) cautiously.
   - When link sharing, limit editing permissions to specific people.
   - State.co.us Executive Branch: This option grants access to all individuals within the @state.co.us domain (all agencies). This level of access means any state employee can (at a minimum) view the document's content. Furthermore, the document can be searched by any state employee and is potentially accessible to state Google Gemini users.
   - Anyone with the link: This option provides the broadest access. Anyone who possesses the link, whether a state employee or the public, can access the data. This option significantly increases the risk of unintended access and potential data breaches.
5. Save Your Updates: Select Done to save all changes. Click the Google Drive Sharing Guide button below to learn more.
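The review in steps 2 through 4 can also be expressed as a rule set. The following is an added example, not part of the original newsletter or any OIT tooling: it checks a constructed list of sharing entries, shaped like Google Drive API v3 permission resources, against the guidance above. The severity labels and sample accounts are assumptions.

```python
"""Audit a folder's sharing entries against the newsletter's guidance."""

ORG_DOMAIN = "state.co.us"          # domain named in the article
EDIT_ROLES = {"writer", "fileOrganizer", "organizer"}

# Constructed sample, shaped like Drive API v3 permission resources.
SAMPLE_PERMISSIONS = [
    {"type": "user", "role": "owner", "emailAddress": "alex.doe@state.co.us"},
    {"type": "user", "role": "writer", "emailAddress": "pat.lee@state.co.us"},
    {"type": "user", "role": "reader", "emailAddress": "vendor@example.com"},
    {"type": "domain", "role": "reader", "domain": "state.co.us",
     "allowFileDiscovery": True},
    {"type": "anyone", "role": "writer"},
]


def audit_permissions(perms, org_domain=ORG_DOMAIN):
    """Return (severity, subject, reason) findings, most severe first."""
    findings = []
    for p in perms:
        kind, role = p.get("type"), p.get("role")
        can_edit = role in EDIT_ROLES
        if kind == "anyone":
            # "Anyone with the link": the broadest option in step 4.
            reason = "anyone with the link can open this folder"
            if can_edit:
                reason += " and edit it"
            findings.append(("HIGH", "anyone", reason))
        elif kind == "domain":
            # Domain-wide sharing, e.g. the whole Executive Branch.
            dom = p.get("domain", "")
            reason = f"every account in {dom} can view"
            if p.get("allowFileDiscovery"):
                reason += " and find it through search"
            sev = "HIGH" if can_edit or dom.lower() != org_domain else "MEDIUM"
            findings.append((sev, dom, reason))
        elif kind in ("user", "group"):
            email = p.get("emailAddress", "")
            if not email.lower().endswith("@" + org_domain):
                findings.append(("MEDIUM", email, "account outside the organization"))
            elif can_edit:
                findings.append(("LOW", email, "has edit rights; confirm they are needed"))
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for sev, subject, reason in audit_permissions(SAMPLE_PERMISSIONS):
        print(f"{sev:6} {subject:24} {reason}")
```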
How The Action You Take Today Protects All of Us
Updating your folder permissions and using Gemini AI responsibly isn’t just about following rules—it’s about maintaining the trust Colorado citizens place in us to safeguard their information. These simple actions help prevent accidental data leaks, ensure compliance with state and federal regulations, and protect our organization’s reputation. By working together, we can embrace new technologies like Gemini AI while keeping our data secure and adhering to the highest privacy and accountability standards.
Responsible Use of Gemini AI
As we start using Gemini AI, it’s essential to remember that this tool is only as secure as the data it has access to.
Here are a few tips on how to use it responsibly:
Don’t Upload Restricted Data: Avoid using Gemini AI to process or analyze highly sensitive information, such as PHI (Protected Health Information), financial records or other restricted data. If you must use it to process sensitive information, ensure the data is de-identified before uploading it to remove personal identifiers. De-identified data helps protect privacy while still allowing analysis.
Verify Data Accuracy: While Gemini AI is a powerful tool, it’s not infallible. Double-check its outputs, especially when working with regulated or critical data.
Understand Data Privacy Rules: Familiarize yourself with regulations like HIPAA, FERPA, and the Colorado Privacy Act to ensure your use of Gemini aligns with our compliance standards.
Report Concerns: If you suspect a breach or accidental exposure of sensitive data, immediately report it to the OIT Service Desk by calling 303-239-4357 along with reporting it to your supervisor.
Don’t Take the Bait: Recognizing and Reporting Phishing Emails
Every day, your inbox is likely filled with messages—some important, some junk, and, occasionally, one or two that seem just a little...off. As Colorado state employees, we handle sensitive information, so we must know how to recognize and avoid phishing attempts. Clicking on the wrong link could hand over confidential data to cybercriminals or even infect our devices with malware!
Data Privacy Week is the perfect time to brush up on ways to protect our personal and professional information. Cybercriminals are always evolving their tactics, but we can stay one step ahead with the right knowledge and a few simple steps. And here’s the good news: phishing scams aren’t as scary as they seem. Once you know what to look for, avoiding them becomes second nature.
What Is Phishing?
Phishing occurs when cybercriminals send fake emails, social media messages or other communications to trick you into clicking on a harmful link or downloading a malicious attachment. These scams might try to steal your personal information, such as passwords or financial details, or install malware on your device.
Spot It Before You Click It
Whenever you see an email that seems a little suspicious, take a few seconds to assess it before clicking anything. Ask yourself these questions:
Does it seem too good to be true? Surprise lottery wins or unbelievable offers are almost always scams.
Is the language urgent or threatening? Phishing emails often use alarming phrases like “immediate action required” to push you into acting without thinking.
Does it look poorly written? Typos, strange grammar or awkward phrasing are major red flags.
Is the greeting generic? Emails addressed to “Dear Customer” instead of your name are likely phishing attempts.
Does it ask for personal information? Legitimate organizations will never request sensitive details like passwords or Social Security numbers over email.
Is there an unfamiliar link or attachment? Hover over hyperlinks (don’t click!) to see where they lead. If the URL looks suspicious, steer clear.
Does the sender’s email address look off? Phishers often use email addresses with small misspellings, like pavpal.com instead of paypal.com or anazon.com instead of amazon.com.
If you spot any of these signs, you are likely looking at a phishing email.
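The sender-address check above can be automated by measuring how close a sender's domain is to a domain you trust. This is an added example, not part of the original newsletter: the trusted-domain list and the distance threshold of 2 are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Assumed allowlist for illustration; a real one would come from mail policy.
TRUSTED_DOMAINS = ["paypal.com", "amazon.com", "state.co.us"]


def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def check_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Classify a From header: trusted, lookalike of X, unknown, unparseable."""
    _, addr = parseaddr(from_header)   # ignores the display name
    if "@" not in addr:
        return "unparseable"
    domain = addr.rsplit("@", 1)[1].lower()
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return "trusted"
    for t in trusted:
        # Compare only the last labels of the sender domain (as many as the
        # trusted domain has), so "login.pavpal.com" is still measured
        # against "paypal.com".
        tail = ".".join(domain.split(".")[-t.count(".") - 1:])
        if 0 < edit_distance(tail, t) <= max_distance:
            return f"lookalike of {t}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers.
    for hdr in ["PayPal Support <service@pavpal.com>",
                "orders@anazon.com",
                "help@mail.paypal.com",
                "news@example.org"]:
        print(f"{hdr:40} -> {check_sender(hdr)}")
```

A "trusted" result only means the domain is not a misspelling; the other questions in the list still apply.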
What to Do When You Spot a Phishing Email
The good news is that recognizing a phishing attempt is the hardest part—and you’ve already done that!
Staying Phish-Free
Phishing emails are designed to make you act impulsively, but a few seconds of caution can save you—and our agencies—time and trouble. You can outsmart phishers and keep our systems and data secure by staying vigilant and following these simple steps. Remember: if something feels off, trust your instincts. Don’t click, don’t reply—report it. Together, we can stay one step ahead of cybercriminals and maintain the trust Coloradans place in us daily.