M365 Privacy and Security

Your UVic Microsoft 365 account has the same protections as your NetLink ID. We recommend setting a secure passphrase and enabling UVic MFA on your account for the most protection.

All Microsoft 365 applications are part of Microsoft's enterprise-grade cloud, which delivers advanced security and compliance capabilities. Data is encrypted in transit and at rest.

Important: All data is stored in Canada, however some automated processing like spellcheck and transcription does pass through US data centres and may not be suitable for some highly confidential information. 

If you have questions about using Microsoft 365 services with confidential or highly confidential information, please contact the Computer Help Desk.

UVic policies and procedures

All interactions within the UVic Microsoft 365 environment are subject to UVic policies, procedures, and expectations. Here's a simplified version of relevant UVic policies as they relate to Microsoft 365.

University Policy GV0205 Discrimination and Harassment

University Policy IM7200 Acceptable Use of Electronic Information Resources

  • Microsoft 365 services are primarily for teaching, learning, and work related to UVic. Some personal use is acceptable if it doesn't disrupt UVic use. UVic is not responsible for personal data stored in the service.
  • Commercial use is not permitted. This includes use of @uvic.ca email addresses for personal business purposes.
  • OneDrive storage is subject to copyright laws. This means you can't store any data that you aren't legally licensed to have (like copies of movies or songs you haven't legally purchased). Learn more about fair dealing and copyright at UVic.

University Policy IM7700 Records Management Policy

  • Electronic records stored in Microsoft 365 applications should be maintained like all other UVic data storage. This includes your personal OneDrive and shared OneDrive folders attached to a Microsoft Team or SharePoint site.
  • You're responsible for following data retention guidelines for archiving data and secure deletion of unneeded documents from your Microsoft 365 account.
  • Teams chat messages are deleted after 5-months. This doesn't include conversation threads in a Teams channel, just chats between users and groups. Formal conversations and important decisions should be documented elsewhere to avoid losing data.

You can learn more about records management strategy and procedures on UVic's Records Management site.

University Policy IM7800 Information Security Policy

  • Data stored in Microsoft 365 applications falls under the same information classification levels—highly confidential, confidential, internal, public—as other UVic records. 
  • Take care when sharing highly confidential and confidential information stored in Microsoft 365 services like OneDrive, Teams, or SharePoint. It is your responsibility to ensure that data is stored, transmitted, and accessed in a secure way appropriate for the classification of this information.
  • University Systems is responsible for vetting any add-ins and 3rd-party apps for UVic's Microsoft 365 environment. Some add-ins and apps send data outside Canada. If there's an app you want to request, please contact the Computer Help Desk.

You can read more about Microsoft's privacy information on their website.

Research data management

If you have questions about storing sensitive research data, you can contact Research Computing Services for a data management and security consultation.


If you have questions about storing UVic data in Microsoft 365 services, contact the Computer Help Desk to discuss best options.