Summary
Sensitivity labels help classify data based on its level of sensitivity and ensure it is handled appropriately. Applying the correct label helps protect university data, supports compliance requirements, and reduces the risk of unauthorized access or sharing. This guide helps identify the correct label and also assist with the decision making process.
Body
Sensitivity Labels Guide
Use the right label to protect our business and reduce risk.
Sensitivity Labels
Public
Definition:
Business data that is specifically prepared and approved for public consumption.
Examples:
- Published marketing materials
- Public website content
- Press releases
- Approved external communications
Handling Guidelines:
- Can be shared freely inside and outside the organization
- No restrictions on distribution
Business Use
Definition:
Data intended for internal use and authorized external parties.
Examples:
- Internal communications (emails, chats)
- Meeting notes
- Internal policies and procedures
- Non-sensitive project documents
Handling Guidelines:
- Share within the organization by default
- May be shared with approved external parties when appropriate
- Should not be publicly posted
Confidential
Definition:
Sensitive business data that could cause damage to the business if shared with unauthorized people.
Examples:
- Contracts
- Security reports
- Forecast summaries
- Sales account data
Handling Guidelines:
- Share only with authorized individuals
- Limit external sharing and ensure approval when required
- Use secure storage and sharing methods
- Apply encryption where available
Highly Confidential
Definition:
Very sensitive business data that would cause significant damage to the business if shared with unauthorized people.
Examples:
- Employee and customer information
- Passwords and credentials
- Source code
- Pre-announced financial reports
Handling Guidelines:
- Strictly limited to authorized individuals (need-to-know basis)
- Do not share externally without explicit approval
- Always use secure and encrypted methods
- Avoid local storage unless absolutely necessary
Decision Flow: How to Choose the Right Label
Use the following decision process:
- Is the data specifically prepared and approved for public consumption?
- Yes → Public
- No → Continue
- Is the data intended for internal use or authorized external parties only?
- Yes → Business Use
- No → Continue
- Could unauthorized disclosure cause damage to the business?
- No → Business Use
- Yes → Continue
- Would unauthorized disclosure cause serious or critical damage to the business?
- Yes → Highly Confidential
- No → Confidential
If the data does not clearly fit or risk is unclear:
Choose the more restrictive label or contact your manager or IT Security.
How to Apply Sensitivity Labels
In Microsoft 365 applications (Outlook, Word, Excel, PowerPoint):
- Select the Sensitivity button in the toolbar
- Choose the appropriate label
- Save or send your content
Quick Reminders
- Apply a label when creating documents or emails
- Review and update labels when content changes
- Share sensitive data only with those who need it
- When in doubt, choose the more restrictive label
Need Help?
If you're unsure which label to use, contact your manager or the IT Security team at
IT_Security@sacredheart.edu