Information management in Microsoft 365

FAQ Image

What do you get to store in Microsoft 365?

When you work in H: and L: on your computer, you are on the university's own server. If you use OneDrive, Outlook, Teams, SharePoint, or another Microsoft 365 application, documents are instead saved in the college's cloud storage in Microsoft 365.

What you get to manage in the cloud are work materials and documents that don't contain a security host and classified information. Information shall primarily be handled in the operational systems available for each area.

This document follows the University's steering document Rules for storing Dalarna University's digital information

What is a public document

According to the Freedom of the Press Regulation, a document is public if it is stored with, received or drawn up by an authority. Public documents can be either public or secret. Whether the action is digital or analog doesn't matter. Documents which have not been sent out by the Authority (processed), but which have been drawn up and completed are also general, such as documents in a final case.

Not all documents of public authorities are public documents, such as work materials that are not finished, trade union documents and private communications.

Classified information and sensitive or extra-security-worthy personal data

Classified information (privacy matters), sensitive and extra security-worthy personal data shall primarily be stored in our business systems. If this is not possible, they should be stored in permission-controlled folders on the college's file server on L: or on H:.

Classified information and sensitive or extra-worthy personal data shall not be processed or stored in Microsoft 365. If you are unsure whether your information is covered by confidentiality, please contact support@du.se

What is information classified as privacy matters, sensitive and extra security-worthy personal data

Below is a description of the different types of information. The classes may require a higher level of security than for more harmless information and personal data. These should always be handled with caution.

Privacy issues

  • Confidentiality of staff and students: State of health, relocation, protected addresses, separation cases
  • Confidentiality for the protection of financial interests: Business and operating conditions, tenders/procurement.
  • Confidentiality in research: Assignments, patents, collaboration, statistics, transfer.

Sensitive personal data

  • Sensitive personal data such as disclosure of racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and personal data relating to health or sex life.
  • Health data can include sick leave, pregnancy and doctor's appointments.

Violations of the law

  • personal data on offences involving offences, convictions in criminal matters, criminal proceedings or administrative detention;

Extra protection-worthy personal data Extra security values are also sometimes referred to as privacy-sensitive personal data. These may include the following areas:

  • information on infringements of the law including offences, convictions in criminal matters, pre-trial coercive measures or administrative detentions
  • valuing tasks, such as development discussion data, personality test results or personality profiles
  • information relating to someone's private sphere
  • information on social conditions.
  • Social security numbers are also counted as an extra person worthy of protection.

Non-protected or classified working documents can be stored in the cloud. In this way, the documents are more easily accessible.

Documents and documents containing internal harmless personal data (employee and elected officials' work-related personal data, such as name, email address, telephone number, position, but not social security number) may also be handled in the cloud. However, in the case of large lists, registers or the like, they should primarily be handled in an operating system.

Thinning, scavenging and archiving

Thinning always refers to the destruction of public documents and must be done on the basis of the university's screening rules. Thinning may only be carried out in consultation with the archive function.

Purging involves removing documents that are not public. For example, memos that were added during the handling of a case but did not provide the case with any substantive information and are deemed to have no lasting value once the case has been finalized.

Archiving means that information is preserved in a structured way over time. Teams is not an archive, and Microsoft 365 is not a conservation system. The material handled in Teams should be seen as live and up-to-date. In order for the information to be preserved, it must be transferred to one of the university's operating systems or to the archive.

Registration

Public documents must be registered in accordance with Chapter 5 of the Public Access to Public Access to Documents act. The task of registration is to create order among the university's documents, i.e. we will find documents when we need them. It will be easier to live up to the demands placed on us as authority.

Related documents

Office 365 Information Management: http://www-old.du.se/PageFiles/176502/Informationshantering%20i%20Office365.pdf

The steering document Rules for storing Dalarna University information: http://www-old.du.se/Global/dokument/Intran%C3%A4t/Beslut/2019/2019-11-18%20Regler%20f%C3%B6r%20lagring%20av%20H%C3%B6gskolan%20Dalarnas%20digitala%20information.pdf

For questions

If you have questions about information management in Microsoft 365, contact support@du.se

This article helped me! 
office365 o365 onedrive teams microsoft 365 office 365
Created: 4/26/2021 8:59:21 AM
 Author: Magnus Nilsson
 Updated: 6/21/2021 10:55:06 AM
 Updated by: Magnus Nilsson
Permalink: https://faq-test.du.se/kb/informationshantering_o365
 Share article:  Share
 Send feedback for this FAQ article:  Send feedback
 Access level: Visible to everyone