Starting February 26, UNMC and Nebraska Medicine will roll out automatic Microsoft Data Classification labels across their Microsoft 365 platform. This is a key step in ensuring that important data is identified and protected according to established policies and regulations.
Here’s what you need to know:
- The new system reflects IM‑50 Data Classification, which outlines how data must be categorized and safeguarded across the organization.
- It also follows the University of Nebraska’s policies on risk classification and security standards, emphasizing the need to protect data based on its sensitivity.
Good news—users won’t have to do anything! The Information Security team will configure Microsoft 365 to automatically apply these data labels. This helps keep documents and emails secure, reducing the chances of unintended information leaks.
The labels will fall into four categories:
- Level 1 – Public data: Low-risk information like job postings and published research that can be shared freely.
- Level 2 – Internal data: Moderate-risk documents such as departmental budgets and procedures, meant for internal use only.
- Level 3 – Confidential data: High-risk material requiring authorization, including personnel records and protected educational info.
- Level 4 – Highly restricted data: Sensitive data that needs strict control, like health information and Social Security numbers.
Even with the automatic labeling, every user is responsible for handling data correctly. It’s important to share sensitive info only with authorized folks and to use secure methods for storing and transmitting data. Users should also be prepared to report data inventories as requested by Information Security.
This new automated labeling is just the beginning. As data security continues to evolve, UNMC and Nebraska Medicine will introduce further measures. They’ll keep providing clear guidance on best practices to ensure everyone’s data is secure.
For more details on data classification and handling policies, check out IM‑50 Data Classification and Executive Memorandum 42.
