Skip to main content
Next-Gen. Now.
The Campaign for Concordia
Concordia University
Concordia University

IT Services

IT Services

Data protection

Keeping institutional information safe

Introduction

Concordia is responsible for ensuring the availability, security, confidentiality, and integrity of all institutional data and institutional information. This includes information managed and residing on University systems, stored on personal devices, managed by a third party or a business partner, or outsourced to a service provider. This does not apply to professors or researchers creating or using data for pedagogical or research purposes.

Concordia’s Policy on Data Governance (PRVPA-4) and associated Data Governance Framework, have been created to structure the way in which we store information at the university securely. Four different security levels have been created with data handling guides to classify and safely store the different types of information that our community deals with daily.

Secure data storage is a shared responsibility, we must work together to keep our information safe.

What does this mean for you?

As a Concordia faculty or staff member you must:

  • Read and understand the definitions and usage limitations of all institutional data and the information that you work with.
  • Understand and appropriately save your documents according to the handling guidelines of each different data class.
  • Ensure the accuracy and quality of the institutional data and information that you are responsible for entering and creating.
  • Safeguard your data access privileges.

Data categories

Class 1: PUBLIC

Non-sensitive information that is available for external release outside the University.
Examples include: published research and press releases.

How to handle public data

Class 2: INTERNAL

Information only sensitive outside the University, intended for internal day-to-day operations and generally available to employees/authorized individuals.
Examples include: departmental organization chart, non-public list sof university courses, job profiles, compensation information.

How to handle internal data

Class 3: CONFIDENTIAL

Information that is sensitive within the University and is intended for business use only by authorized individuals on an authorized need-to-know basis.
Examples include: student ID, employee ID, demographic data (name, date of birth, address), unpublished research or grant information and contractual non-disclosure information.

How to handle confidential information

Class 4: RESTRICTED

Information that is extremely sensitive, of the highest value to the University and intended for use only by named individual(s).
Examples include: Social Insurance Numbers (SIN), bank account information, gender, ethnicity, religion, political beliefs, biometrics /sensory information, personal health records and disability status.

How to handle restricted information

FREQUENTLY ASKED QUESTIONS

Data governance is a process created to oversee different types of data within an organization. Data standards and policies are created to manage the definition, use, quality, consistency, usability, security, accessibility, and availability of structured and unstructured data.

Creating a data classification system enables Concordia to protect students, employees, and other important internal information such as social insurance numbers, demographic data, grant information and ID numbers.

By creating a set of categories that outline proper handling procedures for different types of information, Concordia can ensure consistent saving habits across the university and greater information security.

Additionally, data classification helps to ensure that data is usable and accessible which leads to better data analytics and in turn better decision making and improved operational support.

Institutional data is any standardized representation or depiction of facts or figures that can be created, collected, processed, communicated or interpreted.

Examples include social insurance numbers, demographic information, personal information, student ID numbers and generated reports.

Before encrypting a document, please note that passwords are case-sensitive and can be a maximum of 15 characters long.  

If you lose or forget your password, Word will not be able to recover it for you. Be sure to keep a copy of the password in a safe place or create a strong password that you will remember.

Windows

  1. Go to File > Info > Protect Document > Encrypt with Password.
  2. Type a password, then type it again to confirm it.
  3. Save the file to make sure the password takes effect.

MacOS

  1. Go to Review > Protect Document.
  2. Under Security, you can select whether to enter a password to open the document, modify the document, or both. Enter each password again to confirm.
  3. Click OK.

Web

Word Online can’t encrypt a document with a password, and it can’t edit documents encrypted with a password. If you want to protect the file with a password, click or tap Open in Word to open your document in the desktop version of Word. After you've added password protection, you’ll need to use the Word desktop program to open the document.

Encrypt with Microsoft 365 Message Encryption

  • In an email message, choose Options, select Encrypt and select the encryption with the restrictions you want to enforce, such as Encrypt-Only or Do Not Forward.

Encrypt a single message

  • In the message that you are composing, click File > Encrypt this item
  • Click Security Settings, and then select the Encrypt message contents and attachments check box.
  • Compose your message, and then click Send.

Encrypt all outgoing messages

When you choose to encrypt all outgoing messages by default, you can write and send messages normally, but all potential recipients must have your digital ID to decode or view your messages.

  • On the File tab and choose Options >Trust Center > Trust Center Settings.
  • On the Email Security tab, under Encrypted email, select the Encrypt contents and attachments for outgoing messages check box.
  • Select OK to save changes.

Nondisclosure agreements must have very specific wording to be compliant with applicable legislation. If you require a nondisclosure agreement please contact Concordia’s Legal Services for assistance.  

For more information on Concordia’s guidelines regarding archiving files, please visit our Records Management and Archives webpage. Here are some associated policies on archiving and email management:  

Windows 10

  • Click Delete in the File Explorer Ribbon at the top of the window, or click the arrow underneath the Delete option and select Permanently delete. Clicking Delete sends the file to the Recycle Bin, while selecting the Permanently delete option deletes the file for good.

Mac OS

After selecting the file in Finder, use either of these methods to permanently delete a file on a Mac without sending it to the Trash first:

  1. Hold the Option key and go to File > Delete Immediately from the menu bar.
  2. Press Option + Command (⌘) + Delete.

You should always try to not store information on your laptop, tablet, or phone in-case of loss or theft. Concordia recommends the use of Office 365. Click here to learn more about working securely with the Office 365 apps.

Return to Security & privacy page
 
Back to top

© Concordia University