OVERVIEW
This article outlines sensitivity labels and how they are applied in Microsoft 365 at SFU.
What are Sensitivity Labels?
A sensitivity label is a way to classify documents and content to protect it. By applying a sensitivity label, a document gains additional security features that help you securely work and collaborate with sensitive or confidential data at SFU. For example, an email containing personal information may use a confidential label that prevents recipients from forwarding the email, printing it, or copy-pasting text from it.
How to use sensitivity labels?
Sensitivity labels can be applied to files, emails, meetings and more. There are also several convenient ways to use them in Microsoft 365 apps (such as Word, Excel, Outlook...etc) so you can add them based on what you're working on.
For online resources, explore the support.microsoft.com website or see the overview articles below.
Sensitivity Label Classifications
INDIVIDUAL DATA
Description
Individual Data is non-SFU related data. This classification is intended for personal material not related to SFU business.
Example Use Cases
- You are sharing personal vacation photos with a friend.
- You are corresponding on deals about personal services (family phone plans, vacation travel discounts etc.).
- You are collaborating on a student paper for a class project.
Examples of data commonly identified as individual data includes, but is not limited to:
- Communicating about non-SFU events (lunch plans...etc.).
- Documents not related to SFU business (books, photos...etc.).
Restrictions Applied
- No restrictions are automatically applied by this label.
PUBLIC DATA
Description
Public Access Data is data that is generally available to all employees, the public, and the media. This information is deemed to be public by legislation or policy.
Example Use Cases
- You are sharing university advertising media.
- You are corresponding with external partners about public university events.
- You are collaborating on an infographic containing public statistics about the university.
Examples of data commonly identified as public access data includes, but is not limited to:
- Student events.
- Course advertisements.
- Public research material.
- Publicly posted job descriptions.
Restrictions Applied
- No restrictions are automatically applied by this label.
INTERNAL DATA
Description
Internal Data is related to SFU business (such as work done by SFU employees or other authorized users) and is most commonly the type of data that is stored within a controlled access system. This is typically the default category for SFU business data, and is used for information that is not Public Access Data or Regulated Data.
Example Use Cases
- You are sharing contact information about a student.
- You are corresponding with a co-worker about the employment history of a new hire.
- You are collaborating on the review of an incident that contains details about the recorded personal views and opinions of an individual.
Examples of data commonly identified as Internal Data includes, but is not limited to:
- Names, home addresses and personal telephone numbers.
- Student or employee ID numbers.
- Marital or family status.
For examples of personal information under FIPPA, see Protection of Privacy: Schedule 1.
Restrictions Applied
- Security Controls are automatically applied by label when assigned (see below).
- This sensitively label will apply additional encryption to ensure privacy while being shared. Recipients may be asked to verify their identity when opening shared content depending on the apps they are using.
Document Permissions (e.g. Word/Excel files)
| Permissions |
SFU Accounts |
External Users |
|
VIEW CONTENT
Allows the user to open and see the document.
|
Yes |
Yes |
|
EDIT CONTENT
Allows the user to modify, rearrange, format, or sort the content inside the application, which includes Office on the web. It does not grant the right to save the edited copy.
|
Yes |
Yes |
|
COPY AND EXTRACT CONTENT
Enables options to copy data (including screen captures or Microsoft 365 Copilot) from the document into the same or another document.
|
Yes |
No |
|
EXPORT CONTENT (SAVE AS)
Enables the option to save the content to a different file name (save as).
|
No |
No |
|
SAVE
Allows the user to save the document to the current location. In Office on the web, it also allows the user to edit the content.
|
Yes |
Yes |
|
PRINT
Enables the options to print the content.
|
Yes |
No |
|
ALLOW MACROS
Enables the option to run macros or perform other programmatic or remote access to the content in a document.
|
Yes |
Yes |
Email Permissions
| Permissions |
SFU Accounts |
External Users |
|
REPLY
Enables the reply option in an email client, without allowing changes in the to or cc lines.
|
Yes |
Yes |
|
REPLY ALL
Enables the reply all option in an email client, but doesn’t allow the user to add recipients to the to or cc lines.
|
Yes |
Yes |
|
FORWARD
Enables the option to forward an email message and to add recipients to the to and cc lines. This right does not apply to documents; only email messages. Does not allow the forwarder to grant rights to other users as part of the forward action.
|
Yes |
Yes |
REGULATED DATA (CONFIDENTIAL)
Description
Regulated Data is very sensitive data protected from general distribution and stored within a controlled access system. This information is protected by legal contract, legislation, or regulation.
Example Use Cases
- You are sharing credit card information with a co-worker to approve a purchase.
- You are corresponding with a co-worker about scholarship applicants and are sharing student financial histories.
- You are collaborating on a document containing health data about individuals for a research project.
Examples of data commonly identified as Regulated Data (Confidential) includes, but is not limited to:
- Medical history (e.g., personal data maintained on any patient, student, employee or disability case file describing medical conditions, diagnoses, treatment and procedures; prescribed drugs; psychological and psychiatric evaluations; occupational health and safety; etc.)
- Financial history (e.g., banking, tuition, loan, grants and tax information; donors and donations; personal credit card information; etc.)
- Criminal history (e.g., criminal record checks; etc).
Restrictions Applied
- Security Controls are automatically applied by the label when assigned (see below).
- This sensitively label will apply additional encryption to ensure privacy while being shared. Recipients may be asked to verify their identity when opening shared content depending on the apps they are using.
Document Permissions (e.g. Word/Excel files)
| Permissions |
SFU Accounts |
External Users |
|
VIEW CONTENT
Allows the user to open and see the document.
|
Yes |
Yes |
|
EDIT CONTENT
Allows the user to modify, rearrange, format, or sort the content inside the application, which includes Office on the web. It does not grant the right to save the edited copy.
|
Yes |
No |
|
COPY AND EXTRACT CONTENT
Enables options to copy data (including screen captures or Microsoft 365 Copilot) from the document into the same or another document.
|
No |
No |
|
EXPORT CONTENT (SAVE AS)
Enables the option to save the content to a different file name (save as).
|
No |
No |
|
SAVE
Allows the user to save the document to the current location. In Office on the web, it also allows the user to edit the content.
|
Yes |
No |
|
PRINT
Enables the options to print the content.
|
Yes |
No |
|
ALLOW MACROS
Enables the option to run macros or perform other programmatic or remote access to the content in a document.
|
No |
No |
Email Permissions
| Permissions |
SFU Accounts |
External Users |
|
REPLY
Enables the reply option in an email client, without allowing changes in the to or cc lines.
|
Yes |
Yes |
|
REPLY ALL
Enables the reply all option in an email client, but doesn’t allow the user to add recipients to the to or cc lines.
|
Yes |
Yes |
|
FORWARD
Enables the option to forward an email message and to add recipients to the to and cc lines. This right does not apply to documents; only email messages. Does not allow the forwarder to grant rights to other users as part of the forward action.
|
Yes |
No |