Office 365 usage recommendations
The following Office 365 usage recommendations for OneDrive and Microsoft Teams reduce the risk of accidentally sharing sensitive, confidential, or personal information. In the event that a staff member leaves the College, these recommendations allow departments to retrieve valuable College course materials and resources.
Do NOT store or upload any sensitive, confidential, or personal information to your Red River College OneDrive account or to any of your Microsoft Teams. This includes the following:
- Your own personal images, files, and information.
- Any student or staff information that you work with at the College.
ITS recommends classifying data into the following two categories:
- Data that is accessible by staff.
- Data that is accessible by students.
IT2: Security of Information Technology Resources
Each member of the campus community is responsible for the security and protection of the electronic information resources over which they have control. This includes information used on Office 365 accounts. Faculty and staff using OneDrive, Microsoft Teams, and other file‑sharing programs are the data owners according to the College’s IT2 Policy.
Please see the IT2: Security of Information Technology Resources webpage for further information, specifically these sections:
Data Owners are responsible and liable for the protection of their Data. Security levels can be established based on the following criteria: a) How confidential or sensitive is the Data. b) How important the Data is to the continuing operation of individual departments or the College as a whole in the event of a system failure.
Any application software used by the College must protect the privacy and confidentiality of the various types of electronic data they process.
Users must ensure that Data is protected wherever and however it is accessed.
G3: Freedom of Information and Protection of Privacy
Each member of the campus community is responsible for the safeguarding and protection of student and staff sensitive, confidential, or personal, information over which they have control, including FIPPA‑ and PHIA‑related information. This includes information stored on Office 365 programs such as OneDrive and Microsoft Teams.
Please see the G3: Freedom of Information and Protection of Privacy webpage for further information, specifically these sections:
Subject to any exceptions permitted by law, employees of the College must only collect and use as much Personal Information as is reasonably required to fulfill the purpose of collection.
All Records containing Personal Information must be kept in a secure environment when not in use. Paper based and other similar Records containing Personal Information must be kept in a locked location when not in use. Electronic Records must be kept on a secure electronic medium with access protected by password. In addition, Records containing Personal Information that are contained on removable storage devices such as flash drives must be encrypted.
Where an employee becomes aware of an existing or potential security breach as it relates to Records containing Personal Information, the employee must immediately record the circumstances related to the breach or potential breach, and forward it to the Access and Privacy Coordinator. The Access and Privacy Coordinator will conduct an investigation, and provide recommendations, if any, as to how to prevent such security breaches in the future. All College employees must follow the recommendations of the Access and Privacy Coordinator.