Would you store sensitive data on Google Drive?

JustAnotherSaver

I don't mean some sensitive photos you may have.



As i help with a few family members accounts i'm looking at mapping it all out, listing direct debits - so what its for, how much it is, how frequent etc, standing orders & just account details.


No usernames or passwords but certainly bank and account names and numbers.


So



TSB Classic Plus


Sort code: ##-##-##
Account no: 12345678


That kind of thing. That's about as sensitive as it'd get.


I want to be able to share this Google Sheets file with the family members involved but also to have it so that they can only view but not edit the sheet. Obviously i don't want anyone else to access the sheet.


I have 2 step verification ON.


I know it's not really any different to the info that's on a cheque. If it was usernames & passwords then i'd be more concerned but i figured i'd still ask what other peoples views are.

tempus_fugit

Short answer: No.

ballyblack

why not use asteriks or last 3 digits of account

rhysadams

I use iCloud for my sensitive information, Apple 'claim' that they don't access it and that its encrypted. Google spy a little too much for my liking

Heedtheadvice

longer answer: Also no!


For security a minimum of data should be accessible to unwanted eyes. This includes just partial information as that then tells those from whom we would wish to protect the information easy access to part and the rest can often be collected from other sources.


The effort we should go to in making everything secure depends upon the impact of that data if it is used against us such as in fraud or impersonation. Often the levels of info needed to make a start be it for scams or even more serious nefarious activity are are thought to be high but are sometimes very low.


So it is all a question awareness and risk. You should be applauded for starting on the first. With digital data storage the second is rising so it can pay to keep data secure. However ther is an element of trust involved in most activities. Protection of data must include accessibility and safety. There is no magic bullet though! Storing on business related sites does hae risks attached. Big organisations do fail. You have no control over their security.



Google drive and others are no exception. A long winded preamble but you should consider the possibilities, however unlikely they may seem does not always agree with actuality.


In you specific case I personally would not store sensetive data with Google, where I had the choice, or in fact other similar suppliers too who are possible no better. There ha e been cases of Google using 'your' data for their own purposes and making data available to third parties. Where is then the protection you would seek?
I have personally experienced my data being 'read by Google', it is not just a theoretical possibilitypossibility, so I would not hold bank or personal details with them.



In many cases we cannot avoid some sort of data sharing but perhaps best not to do it out of choice? You need to consider the risk (probably small), the impact if the risks materialise against the usefullness of that type of shareshare which it undoubtedly could be.

Spelunthus

Personally I wouldn't store sensitive data on any of the Cloud Data platforms. I use Google Drive as a photo backup (I have other, local backups too). I also use it for casual stuff that I want to reference across my PC, Tablet & Phone.
But I would not put banking or financial information there. Too many bugs, hackers and user errors convince me that it is not suitable for that.
Also, BTW, it's not a totally reliable backup either, as you will see that there is NO USER SERVICE LEVEL defined by Google. That is, they can delete or corrupt your Drive data with no comittment, warning, or compensation.

JustAnotherSaver

Thanks for the replies


So what would you guys do out of interest?


Store it in say Microsoft Excel spreadsheets put on a USB stick and then use some software (if so then suggestions please) to encrypt that USB stick?
And then create a duplicate of that USB stick (also encrypted) to be stored at a different location - such as the relatives involved (2 houses, 5 people)?


Or would you go for something else, and please nobody suggest the pen & paper method :rotfl:

ballyblack wrote: »

why not use asteriks or last 3 digits of account

Because should i drop dead right now would these people be able to go to their bank with 3 digits? Maybe, i don't know.


They're aware they 'have accounts' but they couldn't tell you with who and what they're for or what direct debits and standing orders are set up on which and why. They trust me with that and i put it in place so their money works as hard as 1) I know how to and 2) they're willing.


I know that's a lot of trust and some times family relationships turn sour. I just think that's very sad. Should we ever fall out 'big time' i am not the type to get so bitter as to do something 'wrong' with their money. The 'worst' i would do is lump it all in 1 account & say here sort yourself out now.
I'm only bringing this up as usually when discussing this kind of thing outsiders throw in the 'what if you fall out' card, so i'm jusy addressing it early.

Uxb

I would not trust any cloud backup for anything at any time.
I have multiple copies of my data stored on WD elements portable USB drives.
The general recommendation is to have at least three copies with ideally one copy being kept elsewhere than in the house.

I've never yet had one of these disks go bad - though I do treat them with much care.
They are not dropped, dangled by the lead, and are kept safe an secure when not used. Every time I want to remove the drive the "safely remove icon" is used to shut it down prior to the USB plug being pulled out.

As regard security of the data itself
I use keepass for password management and indeed other related info can be stored in the comment field of each entry.
I use Axcrypt to encrypt sensitive general files word/excel/access which I need to keep secure from a GDPR compliance aspect.

If you are talking about someone getting access if your drop dead that this is an entirely different question.
Only the executor can do this and they simply write off to each bank special bereavement dept with the death certificate original attached requesting full balance details plus list of direct debits for each account held with the entire financial group. No knowledge of specific account numbers is needed.
The bank may require some evidence that you are the executor though it helps if the executor is also the informant on the death certificate.
Then they go about dealing with it in according with the will. Depending on the amount of money in the accounts formal probate may or may not be required by the bank.

giraffe69

I would (and do) put detail on Google Drive but I make sure the Excel file I use is password protected. I agree with the comments that this ought not to be the only place to store data and I also have an offline copy. I think USB sticks are inherently more risky.

glennevis

I've been using Google's cloud computing platform for over a decade both personally and in business. If you read *and understand* Google's Security White Paper then it's obvious why millions of businesses and individuals do use their Google accounts to do exactly what the OP is proposing, and a lot more.
I'd rather trust Google's tried and tested resilient platform than decidedly flakey usb sticks and local hard drives.

JustAnotherSaver

Within MS Excel (so not Google Sheets) you go File>Info and you can password protect the document i've found.


In your opinion would this be suitable (to then upload to Google Drive as ONE location)?
Would you protect it further?


Even if this would be suitable, how do you make it read only? As once you have the password you can change what's within the document which i don't want.

Uxb wrote: »

If you are talking about someone getting access if your drop dead that this is an entirely different question.
Only the executor can do this

You've misunderstood me.


I help out family members with their accounts as best i can and with their permission.

Their money is in their name so if i drop dead then it makes zero difference to them accessing their accounts, only those in my name.



Let's take my sister for example...


A number of credit cards, a few current accounts, a few savings accounts, pension, HTB ISA, LISA - all in her own name.



She's aware she has numerous accounts and i've gone through it all with her & at every step she has given permission. I have access to their online banking. Strange to some maybe but it works for them.


Now say i drop dead tomorrow. Will she know exactly what is where? No. Should she get more in to it and be aware? Perhaps, but we're dealing with the facts here and not opinions.


So she will need to know what direct debits are in place and why. Standing orders and why etc etc etc as currently she's only really 'fully aware' of the 1 current account she uses.



As she's not 'in to' this like i am she would never keep it going herself (and i don't mind helping while i can).
So she would need to know what to do to simplify it all in my absence. Cancelling credit cards, moving savings in to 1 savings account instead of multiple, cancelling standing orders that cycle money to get account benefits etc - as she'd never keep that stuff up herself.


Same for other relatives. It's all in their own name so they can access it whenever if they wish, even after i die