Skip to main content Skip to local navigation
UIT
Home » Faculty & Staff Services » Microsoft 365 for Faculty and Staff » Handling University Data in Microsoft 365

Handling University Data in Microsoft 365

Data Classification Definitions

Data that is intended for public access and does not require protection. Sharing this information poses no risk to individuals or the institution.

Information that is intended for internal university use only. While not highly sensitive, unauthorized disclosure could cause disruptions or reputational damage.

Sensitive university data that should only be accessible to authorized personnel. Unauthorized access or exposure could lead to reputational harm, legal issues, or policy violations.

  • Examples:
    • Student academic records (grades, transcripts, student IDs)
    • Faculty performance evaluations and tenure review documents
    • Internal financial reports and budgeting documents
    • Internal research data that has not been published
    • Legal documents and contracts
    • Non-public grant proposals

Highly regulated data that falls under legal or compliance frameworks, such as Personal Health Information (PHI) and Payment Card Industry (PCI) data. This data requires strict security measures, including encryption, restricted access, and compliance with privacy laws such as FIPPA (Freedom of Information and Protection of Privacy Act).

  • Examples:
    • Student Health & Counselling Records
    • Payroll & Banking Information
    • Financial Transactions & Payment Data
    • Research involving sensitive participant data
    • Government-issued IDs
ServicePublic
(Low Risk)		Internal
(Medium Risk)		Confidential
Non-PCI/PHI*
(High Risk)		Regulated
PCI/PHI*
(High Risk)
Outlook
(email and calendar to internal @yorku.ca accounts)
Outlook
(email and calendar to external non-York accounts)
Teams
SharePoint
(Default templates)
SharePoint
(Custom templates)		With approval
OneDrive for Business
Forms
Loop
Viva
Copilot Free
With Enterprise Data Protection
Copilot Premium
Power Platform (Power Apps, Automate, BI)

*Payment Card Industry (PCI), Personal Health Information (PHI)

Additional Resources

Classification Procedures >>
Classification Standards >>
Additional Policies and Guidelines >>