News & Updates • October 17, 2024
Introducing new Microsoft sensitivity label
options for NAU employees
NAU employees can now select sensitivity labels on NAU Microsoft documents.
Beginning on Monday, October 21st, NAU employees can now select an optional sensitivity label on all Microsoft documents, including emails, Teams channels, Sharepoint sites, and more.
An example of how a sensitivity label may appear to a user1.
Sensitivity labels are a feature provided by Microsoft that displays a visual indicator of the sensitivity level of data contained within a document. The purpose of implementing these sensitivity labels is to better evaluate, index, and protect university data.
Sensitivity labels correspond to the Data Classification and Handling policy, which outlines the types of protections and procedures needed for each level of data. Because these labels correspond to the policy, they’re also structured in the same way, with 4 main levels of sensitivity.
Additionally, we’ve created custom sub-labels for specific university needs, and we’ll be continuing to update and improve labels based on the needs of the university2.
We’ve created custom sub-labels for university-specific needs.
You can get started using sensitivity labels3 by following the instructions provided by Microsoft for M365 applications.
Get started with sensitivity labels
Full list of sensitivity label options Accordion Closed
A more detailed dive into each level with examples can be found in our ServiceNow documentation.
Personal Data (non-leveled)
Utilization of the ‘Personal” label should be done when working on information that is just for you and not related to university business. This may include copies of your tax information, homework that you are submitting to a professor, or other non-work-related information.
Level 1 – Public Data
Public data is designed for the release of information to the entire world. This label should only be used when the information is freely and openly available and represents no harm if released to the general population.
Level 2 – Internal Use
Information that is not meant for the public or is not yet ready for release to the public and does not contain any sensitive or highly sensitive information is considered to be internal use only.
- All University Community Members
- All University Employees
- Departmental Use Only
- University Community Members and Affiliated Parties
Level 3 – Sensitive Information
Private information intended for restricted use within the University. Access to Sensitive Data is limited to protect its integrity and confidentiality. A high level of risk is associated with these data types, and they must be protected from unintended or unauthorized disclosure, loss, or destruction.
- Confidential
- Sensitive Information
- University Financial Records
- University Proprietary and Institutional Information
- University Research Data
- CJI (Criminal Justice Information)
- FERPA (Family Educational Rights and Privacy Act)
level 4 – Highly Sensitive
Most confidential and sensitive data possessed or controlled by the University. This level of data must be protected with the highest levels of security that are reasonably attainable. Highly Sensitive Data is intended for extremely limited use consistent with substantial legal requirements for its protection and stewardship. Any unauthorized access, disclosure, compromise, loss, modification, or destruction of Highly Sensitive Data could result in severely negative impacts or damage to the University, to University Community Members, or to independent entities that may have provided the data.
- Sensitive Research Data
- CUI (Controlled Unclassified Information)
- DFARS (Defense Federal Acquisition Regulation Supplement)
- EAR (Export Administration Regulations)
- FTI (Federal Tax Information)
- ITAR (International Traffic in Arms Regulations)
- PCI (Payment Card Industry Data Security Standard)
- PHI (Protected Health Information)
- SPII (Sensitive Personally Identifiable Information)
If you have any questions or concerns about these features, or if you’d like to share your feedback, reach out to us over email.
- Appearance of the sensitivity label may differ slightly based on a user’s operating system. The examples shown on this webpage are visuals from MacOS Sequoia (15). Label text will not differ based on OS.
- ITS may add, remove, change, or update security labels based on the needs of the community and other factors.
- At the time of this announcement, sensitivity labels are an optional feature and are not mandatory for use.