Our sensitivity labels

Open information

Requires no special protection. Documents may contain a limited amount of common personal data, and the impact on businesses or individuals if the information is disclosed or lost is minimal.

Handling

• Storage: No restrictions on storage, sharing, or transfer
• Sharing: Can be shared freely both internally and externally
• Email: Emails don't need to be encrypted

Things to consider

The label is not visible on the document, so use common sense - even if the information is open, think about context and recipients before sharing the information.

Limited sharing

This label is used for information that is not public but would not cause serious harm if disseminated. This may involve internal information, general correspondence or documents containing ordinary personal data in limited quantities.

Handling

• Storage: Can be stored in internal systems or approved shared environments, such as Microsoft 365
• Sharing: Should only be shared internally or with trusted external parties
• Email: Can be sent without encryption

Things to consider

The "Limited Sharing" label is automatically assigned to all documents by default, and no extra safeguards are automatically applied, but the label reminds you to be careful about how and with whom you share the information.

Confidential

This label is used for information that can cause harm if it falls into the wrong hands. This may involve privacy-sensitive personal data (e.g. social security numbers or class lists) or information that is particularly worthy of protection such as research documentation and protocols.

Handling

• Storage: May only be stored internally in secure systems, such as Mid Sweden University's servers, the vault or other approved business systems.
• Sharing: Restrict internal sharing with permissions. Encryption is required for external sharing.
• Email: If information is sent externally via email and contains sensitive data, it must be encrypted using the "Do Not Forward" function. Encryption is not required for internal communication

Things to consider

The label is visible on the document. Documents sent as attachments in encrypted emails retain the label "Confidential" and are protected for as long as they remain in the message. 

Strictly confidential

This label is used for our most sensitive information, the disclosure of which could result in significant harm to the University, its reputation, or individuals.

Examples of information:

• Confidential information
• Sensitive or extra protective personal data (e.g. health data)
• Procurement tenders, passwords, code keys
• Research documents with very high protection value
• Legal documents and intellectual property rights

Handling

• Storage: Can only be stored in the most protected internal systems (home directory, common directory or vault)
• Sharing: No external sharing is allowed without encryption and security measures. Share only with selected people or groups
• Email: All email transmission must be encrypted. Use the "Do Not Forward" encryption option when sharing strictly confidential information externally

Things to consider

Do not use Microsoft 365 services (Teams, SharePoint, OneDrive) or similar cloud services for this information. The label is visible on the document. Please be extremely careful when handling this information and always follow applicable security procedures.