Across Unitec we often hold or use data that may be deemed to be sensitive and must be protected with added security controls. This may be information that is commercially sensitive or contains personal identifiable information (PII) on our ākonga and kaimahi. PII is information that when used alone or with other relevant data can identify an individual. This can include Credit Card numbers, passport or drivers licence numbers or Ministry of Health Numbers, Bank account, IRD number.
While the use of this information would be used for a valid function or activity it is important that we help protect this sensitive data and prevent the risk of using this inappropriately or sharing it with people who shouldn’t have it.
To help prevent accidental sharing of this information we have enabled a Sensitivity Labelling feature within Office 365. We encourage staff to begin labelling any documents with the appropriate sensitivity label based off our Unitec Information Classification Standard.
There are a couple of ways you can apply the label to your documents.
One is at the top of the window where you will now find the sensitivity labels and a brief description available as below:
The other option is on the Home menu Ribbon where you will now see a sensitivity dropdown enabled:
Labelling your documents accordingly allows us to better understand and monitor what type of information is contained in files across our network and set access restrictions as appropriate. For particularly sensitive information we are then able to put additional controls in place to prevent the accidental sharing or misuse of this information.
When emailing Sensitive information externally for example you may see at the top of the document a Policy Tip outlining what type of sensitive label was detected.
When sensitive information is detected the email will be blocked, but you will have an option to override the block. This will look like below in the following applications.
This acts as an additional safety step for the unintentional sharing of sensitive information by giving the option to review and remove the attached file or provide an override and business reason on why it is being shared.