Microsoft Office 365

Privacy & Security

Cloud storage

Office 365 is a cloud-based service, meaning the application and data are hosted on a network of servers around the world to ensure continuity and quality of service. (Learn more at Microsoft's website.)

Here's what this means for your information:

  • Ownership of email is unaffected and intellectual property rights remain intact.
  • Microsoft can only use the data for provisioning or enhancing the service. Data is scanned in an automated fashion (no human interaction) for spam filtering and indexing, similar to any other email system (including Dal's previous system).
  • Microsoft does not advertise on the service.
  • Read Microsoft's statement on customer privacy.
  • The Personal Information International Disclosure act allows the university to store information outside of Canada if certain requirements are met. Dalhousie has complied with those requirements.

Email security

Email is a safe method of general communication but there are no guarantees: this was true with Dalhousie's previous email service and it is true with Office 365 as well. In an era of mobile devices, wireless networks, and global communications, email is simply not appropriate for storing or sharing sensitive information — not now, on the previous system, or in the future on Office 365.

Read: Being e-smart in an email world

Some tips on sharing information more securely:

  • Use locally-based file storage locations such as Novell shared drives (NetStorage) or DalShare.
  • Use the campus file exchange system, File Share.
  • Email about setting up a database for a particular operational need.

Determining what is appropriate for email

Some information is never meant for email. If you're an employees, please consult with your supervisor or manager if you have questions on appropriate use.

  • Where other options are available, avoid sending any highly-sensitive or sensitive information by email.
  • Internal-use and public information are okay to email.

Definitions of highly-sensitive or sensitive information are going to vary person to person and project to project. Here are some general definitions to use as a guide. In all cases, use your best judgement or consult with your supervisor or manager.



  • This information must be protected with the highest levels of security, such as where prescribed by law or contracts.
  • Disclosure of this information will have an adverse effect on the reputation of the university.
  • Where other options are available, avoid sending highly-sensitive information by email.


  • This information is considered private and should be guarded from disclosure.
  • Disclosure of this information may contribute to financial fraud, violate provincial and/or federal law, or damage the university's reputation.
  • Where other options are available, avoid sending sensitive information by email

Internal Use

  • This information is not generally available to parties outside the Dalhousie community, such as directory listings, minutes from non-confidential meetings, and internal websites.
  • Public disclosure of the information would cause minimal trouble or embarrassment to the university.
  • This information is okay to send via email.

Public Use

  • This information is for general public use, such as the university's website content, press releases, and annual reports.
  • This information is okay to send via email.