Stevens Support Portal

201-216-5500
Login

Email Sensitivity Labels

Modified on: Wed, Mar 15 2023 5:11 PM

Learn how to classify email content and encrypt it when appropriate.


How to Use Email Sensitivity Labels

Stevens has four levels of Data Classification Standards based upon the Stevens Information Security Policy (Appendix A), that all correlate with a sensitivity label that may be used in Microsoft Outlook, Word, Excel, PowerPoint, and other Microsoft 365 applications. 

  • Public
  • Non-Public
  • Sensitive
  • Restricted

 

We encourage Stevens users to utilize the four sensitivity labels to apply protections such as encryption to your email message and any files it contains. 

 

We recommend using OneDrive for safe and secure sharing rather than a 3rd party platform, so that sensitivity labels can continue to be used. If the use of OneDrive is not possible for some specific reason and email must be used, then we recommend the use of the Sensitive – Anyone (unrestricted) only in this situation. This label should not be used regularly due to weaker security controls.


Please be aware that when sharing data with someone who is not using the Microsoft 365 platform (i.e., Google) an error may occur. The error will only occur if Office files with sensitivity labels (either applied on the document itself or on an email message containing the documents) go outside of the Microsoft 365. Email messages alone or messages containing non-Office files (i.e. CSV or zipped files) with sensitivity labels going outside of Microsoft 365 do not have this issue.


Restricted Data has Critical Impact, Sensitive has High, Non-Public has Medium, and Public has Low. The graphic shows a dark red for restricted and gets lighter toward Public.

 

The following table shows examples of sensitive data types, the appropriate email sensitivity label to apply, and what protections are applied to that data.



Data Classification and Sensitivity Label Examples Protections Used
Public
  • Directory information that has been designated for public view
  • Public-facing Stevens web pages
  • Publications approved for general release
  • Course catalogs
 N/A

Non-Public

Use “Anyone (unrestricted)” if going to third-party; otherwise, use “All Employees (unrestricted)”
  • Data or information concerning Stevens infrastructure
  • Unpublished research data and other academic work that may be shared with third-party collaborators or other entities
  • Administrative data and reports that may be shared with third-party individuals or entities
 N/A

Sensitive

“All Employees” if any Stevens user recipient can have access; “Trusted People” to select individual users*
  • Budget data, records, and plans
  • University Policies that are not publicly available
  • Meeting minutes and notes
  • Sensitive research data and materials
  • “Confidential” data header
  • Content is encrypted

Restricted

“All Employees” if any Stevens user recipient can have access; otherwise, use 

“Specific People” to select individual users**
  • Information protected by state or federal privacy regulations
  • Any personally identifiable student, parent, or employee records
  • Financial and health records
  • Passwords
  • Source code
  • Highly Confidential data header
  • Recipients cannot forward or print the content** 
  • Content is encrypted


*Note: “Trusted People” you select can reshare the email and its content.

**Note: “Specific People” you select cannot reshare the email and its content.



How to Use Encryption

Encryption is automatically applied to the Sensitive – “All Employees”, Sensitive – “Trusted People”, Restricted – “All Employees”, and Restricted – “Specific People” labels in Microsoft Outlook/Exchange. 


You can also apply encryption on email messages without sensitivity labels using Options >Padlock icon> Encrypt as shown below.


Screenshot displaying the Options toolbar in an Outlook email draft with the Encryption option.


When a message is encrypted, Stevens users and any external users who are using Microsoft Exchange for emails will not see a difference when opening an encrypted email. 


When an encrypted email is sent to an external user who is not using Microsoft Exchange, they will receive the following message.


Email that reads "example@stevens.edu has sent you a protected message." Below the message is a button that reads "Read the message."


Upon selecting “Read this message,” the user will see the encrypted message and attachments (example below).


Screenshot of decrypted email message.


Please note that if the external user receives the below message instead of the message you sent, you have probably selected an email sensitivity label for internal Stevens users (Sensitive/All Employees or Restricted/All Employees) not viewable for external users. 


You must change the email sensitivity label to one for external users. In this case, external users would be able to fully view the email messages using the following sensitivity labels: Sensitive/Trusted People or Restricted/Specific People. Once you have updated the sensitivity label to accommodate external users, you will need to resend the email. 


Screenshot of webpage that reads "You don't have permission to view this message."


Experiencing an issue or need additional support? Contact our OneIT Team:

Was this answer helpful?