Office 365 Acceptable Use and Data Protection
Please review the Acceptable Use of Microsoft Office 365 for Education Policy before storing, synching, and/or sharing data in any of CUNY’s cloud services.
The following table summarizes what data can and cannot be stored so data is protected from unauthorized access:
| Data Classification |
Allowed in Office 365 |
Example |
| Confidential |
No |
- Personally Identifiable Information (PII)
- Student educational records
- Health Information
- Citizenship information
- Payment (credit/debit) cardholder information
- Trade secrets, intellectual property or information that may be relevant for the creation of a University, faculty or student owned patent
- Research data under a restricted data use agreement or other IRB data and relevant restrictions that do not explicitly permit cloud storage
- Passwords and access codes
|
| Sensitive |
Yes, with security recommendations |
- Email and other communications regarding internal matters not been specifically approved for public release
- Proprietary financial, budgetary or personnel information not explicitly approved by authorized parties for public release
- Identities of donors or other third-party partner information maintained by the University not specifically designated for public release
|
| Public |
Yes |
- Any data not classified as Confidential or Sensitive as defined previously
|
