Office 365 Sensitivity Labels at UQ

• Emailing your partner about dinner plans 

• A document outlining your holiday itinerary 

• Broad email correspondence appropriate for the wider public 

• PowerPoint intended for public presentation 

• Official documents appropriate for public view 

• The majority of internal email correspondence 

• External email correspondence where the content should not be shared with wider public, but would not be classified as SENSTIVE or PROTECTED

• Identity information of staff members or students (e.g. employee number or position title)

• Administrative documents 

• Business unit processes and procedures

Use this for information that if breached owing to accidental or malicious activity could reasonably be expected to cause harm to UQ, another organisation or an individual if released publicly. 

Access should be authorised based on strict academic, research or business need. 

• Unpublished research data 

• Student and staff human resources data (e.g. Tax File Numbers, passport details, bank account details)

• Organisational financial data

• Exam material

Use this for information that if breached owing to accidental or malicious activity could reasonably be expected to cause serious harm to UQ, another organisation or an individual if released publicly. 

Access should be authorised based on very strict academic, research or business need. 

• Confidential legal documents or emails 

• Medical records 

• Work cover forms 

• Commercially significant research results^.

These labels simply add a persistent metadata label to the document. 

This helps to increase data literacy and awareness, and should prompt users to become more conscious in their decision making when storing and sharing emails and files. 

These labels simply add a persistent metadata label to the email. 

This helps to increase data literacy and awareness, and should prompt users to become more conscious in their decision making when storing and sharing emails and files. 

SENSITIVE and PROTECTED have additional controls, to help protect against unauthorised access, compromise or accidental breaches: 

• The document/email will be automatically encrypted. 

• A header and footer added to clearly denote the content's Information Security Classification.  

• The document owner controls viewing, editing and sharing permissions.  The owner will be prompted to assign permissions as soon as they label the document as SENSITIVE or PROTECTED. 
  They can select who has full, edit and read only access to the document, whether the document can be copied or printed, an expiry date to accessing the content, as well as change control settings to add or remove users. 

• ^{Note that currently you can only assign a SENSITIVE or PROTECTED label in the desktop client (not web client) of Word, Excel and PowerPoint, therefore will need to use desktop client for such labelled documents. Adding this capability to web client is currently under review by Microsoft Engineers, with an anticipated timeframe of 6-9 months.} 

SENSITIVE and PROTECTED have additional controls, to help protect against unauthorised access, compromise or accidental breaches: 

• The document/email will be automatically encrypted. 

• A header and footer added to clearly denote the content's Information Security Classification.  

• It restricts access to the email content to only the email addresses you have added as recipients.  Recipients will not be able to forward, print or copy the email's content. 

• ^{Note: If the recipient is not using Outlook with an Microsoft-provisioned email address, they will be directed to a secure Microsoft gateway to view the email. It is suggested that before sending a SENSITIVE or PROTECTED email to a recipient external to UQ, you first send an OFFICIAL – INTERNAL email advising them of this process.}  

• It prevents the email contents from previewing in the recipient’s inbox (they will have to open the email to read it). If the recipient is using Outlook, they will see an icon (a lock icon or a red dot, depending on their Outlook version) next to the email preview, indicating that the content is confidential.  

Access to this document, if shared or saved in a shared location, will not be impacted. Users will not notice any change, however if they have Office 365 Sensitivity Labels enabled they will be able to see what label has been set under the 'Sensitivity' tool. 

If the recipient of the email has UQ's Office 365 Sensitivity Labels enabled: the label will display next to the email subject line. If they mouse over the label, a description of the label will appear. 

If the recipient of the email does not have UQ's Office 365 Sensitivity Labels enabled: they will not notice any change.  

The document will be automatically encrypted. 

A header and footer will be displayed, clearly denoting the content's Information Security Classification and handling instructions. 

The document owner controls viewing, editing and sharing permissions. 

Another user will only be able to open this document if it has been shared with them by the document owner. Whether they can only view, edit, or have full access to the document, will depend on the permissions the owner has set. 

The email will be automatically encrypted. 

If the recipient is using Outlook, they will see an icon (a lock icon or a red dot, depending on their Outlook version) next to the email preview, indicating that the content is confidential.  

The content of your email will not preview in the recipient's inbox (they will have to open the email to read it).  

If the recipient does not use Outlook with an Microsoft-provisioned email address, they will be directed to a safe and protected gateway to view the email. 

• ^{Note that the notification email that directs to the safe gateway does not state that this email can only be accessed by the intended recipient. If you feel it is necessary, you may like warn the recipient that they will soon be receiving a confidential email by first sending an OFFICIAL-INTERNAL email.} 

Within the email body, a header and footer will be displayed clearly denoting the content's Information Security Classification and handling instructions.