Sensitivity Labels Guide
Use the right label to protect our business and reduce risk.
Sensitivity Labels
Public
Definition:
Business data that is specifically prepared and approved for public consumption.
Examples:
- Published marketing materials
- Public website content
- Press releases
- Approved external communications
Handling Guidelines:
- Can be shared freely inside and outside the organization
- No restrictions on distribution
Business Use
Definition:
Data intended for internal use and authorized external parties.
Examples:
- Internal communications (emails, chats)
- Meeting notes
- Internal policies and procedures
- Non-sensitive project documents
Handling Guidelines:
- Share within the organization by default
- May be shared with approved external parties when appropriate
- Should not be publicly posted
Confidential
Definition:
Sensitive business data that could cause damage to the business if shared with unauthorized people.
Examples:
- Contracts
- Security reports
- Forecast summaries
- Sales account data
Handling Guidelines:
- Share only with authorized individuals
- Limit external sharing and ensure approval when required
- Use secure storage and sharing methods
- Apply encryption where available
Highly Confidential
Definition:
Very sensitive business data that would cause significant damage to the business if shared with unauthorized people.
Examples:
- Employee and customer information
- Passwords and credentials
- Source code
- Pre-announced financial reports
Handling Guidelines:
- Strictly limited to authorized individuals (need-to-know basis)
- Do not share externally without explicit approval
- Always use secure and encrypted methods
- Avoid local storage unless absolutely necessary
Decision Flow: How to Choose the Right Label
Use the following decision process:
- Is the data specifically prepared and approved for public consumption?
- Yes → Public
- No → Continue
- Is the data intended for internal use or authorized external parties only?
- Yes → Business Use
- No → Continue
- Could unauthorized disclosure cause damage to the business?
- No → Business Use
- Yes → Continue
- Would unauthorized disclosure cause serious or critical damage to the business?
- Yes → Highly Confidential
- No → Confidential
If the data does not clearly fit or risk is unclear:
Choose the more restrictive label or contact your manager or IT Security.
How to Apply Sensitivity Labels
In Microsoft 365 applications (Outlook, Word, Excel, PowerPoint):
- Select the Sensitivity button in the toolbar
- Choose the appropriate label
- Save or send your content
Quick Reminders
- Apply a label when creating documents or emails
- Review and update labels when content changes
- Share sensitive data only with those who need it
- When in doubt, choose the more restrictive label
Need Help?
If you're unsure which label to use, contact your manager or the IT Security team at
IT_Security@sacredheart.edu