Microsoft 365 statement of use

Expectation of privacy

Information Risk Assessment

An Information Risk Assessment (privacy and security impact assessment) for Microsoft 365 email conducted by Information Security Services and the Secretariat concluded cloud hosting of employee email would meet applicable privacy legislation and University policy. The results of this assessment also apply to the projects included under the Microsoft 365 Program. You will be required to log in to view the IRA documents.

Expectation of use

  • Use of this service is governed by the Guidelines on use of Waterloo computing and network resources.
  • Email should not be used to share or store Highly Restricted data (as defined by University Policy 46, Information Management). Microsoft Teams, OneDrive, and/or SharePoint Online may be used instead.
  • Data stored in this service are subject to Microsoft data retention policies which may change from time to time. There is no capability to restore deleted data beyond the user-accessible facilities (e.g. versions and recycle bin) provided by Microsoft.
  • Users of this service are expected to exercise the utmost care when sharing files, e.g. verify spelling of names and email addresses.