Microsoft 365 Privacy Notice
Through the University’s campus agreement with Microsoft, employees have access to Microsoft 365 apps, such as Teams, OneDrive and SharePoint. Beginning November 2021, faculty and staff email will also be provided through Microsoft 365. Student email has been powered by Microsoft 365 for several years already.
Data processed by these apps are stored in Microsoft’s data centres in Canada and the US. This data processing has been reviewed to ensure compliance with the University’s privacy obligations. Microsoft uses robust security measures to protect ¶¡ÏãÔ°AV’s data from unauthorized access and complies with ISO/IEC Standards 27001 and 27018 for protecting personal data in the cloud.
Two types of data are processed by Microsoft 365: customer data and diagnostic data.
- Customer data includes all text, sound, video or image files processed through an app and often contain personal information. Almost all customer data are stored in Canada - see the link below for the latest residency information. However, data may flow outside of Canada when accessed by Microsoft personnel or contractors. Microsoft pledges not to use customer data other than to provide services to ¶¡ÏãÔ°AV. ¶¡ÏãÔ°AV determines how long these data are kept by Microsoft.
- Diagnostic data are collected automatically and relate to how users engage with Microsoft 365. These data are not considered identifiable and are stored in the US. Microsoft uses diagnostic data for its purposes and determines how long these data are kept. ¶¡ÏãÔ°AV has taken measures to minimize the amount of diagnostic data collected by Microsoft.
As Microsoft 365 can be used to provide non-¶¡ÏãÔ°AV users with access to files, periodically review access permissions along a need to know basis. Rights management can also be engaged at the file level. “Anyone” link sharing should be avoided.
Microsoft publishes additional information regarding Microsoft 365 data processing at: