Email Sensitivity Labels

Learn how to classify email content and encrypt it when appropriate.

How to Use Email Sensitivity Labels

Stevens has four levels of Data Classification Standards based upon the Stevens Information Security Policy (Appendix A), that all correlate with a sensitivity label that may be used in Microsoft Outlook, Word, Excel, PowerPoint, and other Microsoft 365 applications.

Public
Non-Public
Sensitive
Restricted

We encourage Stevens users to utilize the four sensitivity labels to apply protections such as encryption to your email message and any files it contains.

We recommend using OneDrive for safe and secure sharing rather than a 3rd party platform, so that sensitivity labels can continue to be used. If the use of OneDrive is not possible for some specific reason and email must be used, then we recommend the use of the Sensitive – Anyone (unrestricted) only in this situation. This label should not be used regularly due to weaker security controls.

Please be aware that when sharing data with someone who is not using the Microsoft 365 platform (i.e., Google) an error may occur. The error will only occur if Office files with sensitivity labels (either applied on the document itself or on an email message containing the documents) go outside of the Microsoft 365. Email messages alone or messages containing non-Office files (i.e. CSV or zipped files) with sensitivity labels going outside of Microsoft 365 do not have this issue.

Restricted Data has Critical Impact, Sensitive has High, Non-Public has Medium, and Public has Low. The graphic shows a dark red for restricted and gets lighter toward Public.

The following table shows examples of sensitive data types, the appropriate email sensitivity label to apply, and what protections are applied to that data.

Data Classification and Sensitivity Label Examples Protections Used Public

Directory information that has been designated for public view
Public-facing Stevens web pages
Publications approved for general release
Course catalogs

N/A

Non-Public

Use “Anyone (unrestricted)” if going to third-party; otherwise, use “All Employees (unrestricted)”

Data or information concerning Stevens infrastructure
Unpublished research data and other academic work that may be shared with third-party collaborators or other entities
Administrative data and reports that may be shared with third-party individuals or entities

N/A

Sensitive

“All Employees” if any Stevens user recipient can have access; “Trusted People” to select individual users*

Budget data, records, and plans
University Policies that are not publicly available
Meeting minutes and notes
Sensitive research data and materials

“Confidential” data header
Content is encrypted

Restricted

“All Employees” if any Stevens user recipient can have access; otherwise, use

“Specific People” to select individual users**

Information protected by state or federal privacy regulations
Any personally identifiable student, parent, or employee records
Financial and health records
Passwords
Source code

Highly Confidential data header
Recipients cannot forward or print the content**
Content is encrypted

*Note: “Trusted People” you select can reshare the email and its content.

**Note: “Specific People” you select cannot reshare the email and its content.

How to Use Encryption

Encryption is automatically applied to the Sensitive – “All Employees”, Sensitive – “Trusted People”, Restricted – “All Employees”, and Restricted – “Specific People” labels in Microsoft Outlook/Exchange.

You can also apply encryption on email messages without sensitivity labels using Options > Padlock icon > Encrypt as shown below.

Screenshot displaying the Options toolbar in an Outlook email draft with the Encryption option.

When a message is encrypted, Stevens users and any external users who are using Microsoft Exchange for emails will not see a difference when opening an encrypted email.

When an encrypted email is sent to an external user who is not using Microsoft Exchange, they will receive the following message.

Email that reads "example@stevens.edu has sent you a protected message." Below the message is a button that reads "Read the message."

Upon selecting “Read this message,” the user will see the encrypted message and attachments (example below).

Screenshot of decrypted email message.

Please note that if the external user receives the below message instead of the message you sent, you have probably selected an email sensitivity label for internal Stevens users (Sensitive/All Employees or Restricted/All Employees) not viewable for external users.

You must change the email sensitivity label to one for external users. In this case, external users would be able to fully view the email messages using the following sensitivity labels: Sensitive/Trusted People or Restricted/Specific People. Once you have updated the sensitivity label to accommodate external users, you will need to resend the email.

Screenshot of webpage that reads "You don't have permission to view this message."

Experiencing an issue or need additional support? Contact our OneIT Team:

Open a support ticket or
Call 201-380-6599