Local encrypted hard drives on college owned devices. When storing restricted data, avoid the use of external media (e.g. USB hard drives and memory sticks). If external media must be used, ensure the drive or stick is encrypted. Instruction on how to encrypt external media can be found here.

Using access control methods to restrict to selected individuals, restricted information can also be stored in:

• Departmental network shared drives
• SharePoint Teams Sites
• Microsoft Teams Channels
• Microsoft OneDrive

• Restricted data must be kept in a locked filing cabinet, in a non-public area. Ensure adherence to ‘clean desk’ practices when working with restricted data. All Records containing Personal Information must be kept in a locked location when not in use.

• Restricted documents should be shared with other RRC employees using RRC’s Microsoft OneDrive to minimize the number of copies made available. Instructions on how to share a OneDrive file can be found here.
• If restricted data must be shared with external entities, documents should be emailed as a password protected/encrypted document. Instructions on how to password and encrypt documents can be found here.

• Documents that are RRC Polytech Restricted should include a cover or title page to ensure information is not accidently disclosed. This cover page should be clearly labelled by the author with an “RRC Polytech Restricted” classification and include actions required by the specific named individuals regarding disclosure or sharing of the information. Where possible, the label should include a hyperlink to the corresponding information classification level page, which contains details and the appropriate controls.
• Click here to download the RRC Polytech Restricted Information Classification Word template.

• Restricted physical documents must not be left unattended and must be stored appropriately when not in use (see physical storage above).

• Content creators can decide who can have access to restricted data. If you are sharing data with external third party, and you are unsure about right of access, consult with RRC’s Legal Services to ensure the privacy of the information has been considered.

• Restricted documents should be placed in the confidential shred bins located around the College.

• Delete files from local device, Teams, SharePoint, or OneDrive. Ensure that they are also removed from your local devices recycle bin.
• Ensure all RRC devices are returned to ITS at end of life or when an individual leaves RRC.
• All external media should be dropped off at one of the 2 confidential media disposal sites located at NDC and EDC.
• Destruction of documents containing Personal Information or Personal Health Information, must be done in accordance with RRC Policy G3 – Freedom of Information and Protection of Privacy.

Local encrypted hard drives on college owned devices. When storing protected data, avoid the use of external media (e.g. USB hard drives and memory sticks). If external media must be used, ensure the drive or stick is encrypted. Instruction on how to encrypt external media can be found here.

Using access control methods to restrict to selected individuals, restricted information can also be stored in:

• Departmental network shared drives
• SharePoint Teams Sites
• Microsoft Teams Channels
• Microsoft OneDrive
• Home Directory
• Local Hard Drive
• Colleague
• HRIS
• Learn

• Protected documents must be kept in a non-public area. Ensure adherence to ‘clean desk’ practices when working with protected data. All Records containing Personal Information must be kept in a locked location when not in use.

• Protected documents can be shared both internally and externally using RRC email. Care should be taken when sharing with external entities and the use of password protected encrypted documents should be considered. Instructions on how to password and encrypt documents can be found here.
• Protected documents can also be shared with other RRC employees using RRC’s Microsoft OneDrive to minimize the number of copies available. Instructions on how to share a OneDrive file can be found here.

• Protected documents should include a prominent label indicates the classification of the information, as in “RRC Protected”.
  Where possible, the label should be a hyperlink to the public RRC Website that contains details and the appropriate controls for the classification.

• Protected physical documents must not be left unattended and must be stored appropriately when not in use (see physical storage above).

• Content creators can decide who can have access to protected data. If you are sharing data with external third party, and you are unsure about right of access, consult with RRC’s Legal Services to ensure the privacy of the information has been considered.

• Protected documents should be placed in the confidential shred bins located around the College.

• Delete files from local device, Teams, SharePoint, or OneDrive. Ensure that they are also removed from your local devices recycle bin.
• Ensure all RRC devices are returned to ITS at end of life or when an individual leaves RRC.
• All external media should be dropped off at one of the 2 confidential media disposal sites located at NDC and EDC.
• Destruction of documents containing Personal Information or Personal Health Information, must be done in accordance with RRC Policy G3 – Freedom of Information and Protection of Privacy.

• Local hard drives on college owned devices. External media may also be used for storage. Encryption is not required.Using access control methods to restrict to both staff and/or students, internal information can also be stored in:
• Departmental network shared drives
• SharePoint Teams Sites
• Microsoft Teams Channels
• Microsoft OneDrive
• Home Directory
• Local Hard Drive
• College Intranet

• Internal physical documents must be kept in a non-public area.

• Internal documents can be shared both internally and externally using RRC email. Internal documents can also be shared with RRC employees or students using the College Intranet, RRC’s Microsoft OneDrive, SharePoint, or Teams.

• Internal documents should include a prominent label indicates the classification of the information, as in “RRC Internal”.
  Where possible, the label should be a hyperlink to the public RRC Website that contains details and the appropriate controls for the classification.

• Internal physical documents must not be left unattended in a public area.

• Content creators can decide who can have access to internal data.

• Internal documents should be placed in the paper recycling bins located around the College.

• Delete files from local device, Teams, SharePoint, or OneDrive. Ensure that they are also removed from your local devices recycle bin.
• Ensure all RRC devices are returned to ITS at end of life or when an individual leaves RRC.
• All external media should be dropped off at one of the 2 confidential media disposal sites located at NDC and EDC.

• Public information can be stored in the following locations:
• Departmental network shared drives
• SharePoint Teams Sites
• Microsoft Teams Channels
• Microsoft OneDrive
• Home Directory
• Local Hard Drive
• Rrc.ca

• Public physical documents can be stored in both public and non-public locations.

• Public information can be shared via email, social media, Rrc.ca website, Teams, etc.

• Public information does not require and specific labelling but may be labeled “RRC Public”.

• Public does not require any special handling methods.

• Public information can be shared with anyone.

• Protected documents should be placed in the paper recycling bins located around the College.

• Delete files from local device, Teams, SharePoint, or OneDrive. Ensure that they are also removed from your local devices recycle bin. Ensure all RRC devices are returned to ITS at end of life or when an individual leaves RRC.