Why?
Public Teams and Groups can be accessed and viewed by all @wpi.edu accounts, therefore they may only contain unrestricted data.
Action Needed
All Team and Group owners should check the settings of sites/lists in use and ensureĀ PrivateĀ is selected, unless there is truly a need for Public usage. Public site/list owners must ensure that only unrestricted content is available. (Instructions in Details.)
Details
Private vs. Public
Microsoft 365 Teams sites and Groups mailing lists are popular here at WPI, with over 1,000 in use. It is important to consider what information you are sharing through these tools, and set to private where appropriate. Only unrestricted data can be included in Public Teams and Groups.
By default, a new Teams site or Outlook Group is set to private. If the owner chooses to make either public, they are allowing anyone with an @wpi.edu account (students, faculty, staff, alumni) and even some guests access to view and edit. In most cases, this is too much information to share! Would students in a social group want all faculty and staff to see their conversations? Would an academic or administrative department want the whole campus to have a peek at the latest meeting minutes or business issues?
Privacy Obligations
Personal, private, and sensitive information contained in files or posts on public Teams and Groups could be violating local, state, or federal laws, such as FERPA or the Massachusetts Data Privacy Law. The WPI Data Classification and Usage Policy (linked in Actions) establishes a framework for classifying institutional data. If you are not sure whether your content is restricted or unrestricted, please do not hesitate to reach out to Information Security with your questions using Request Help below.
Action Needed
Now:
All Team and Group owners should check the settings of sites/lists in use and ensure Private is selected, unless there is truly a need for Public usage. The Public option may be appropriate for certain efforts requiring broad visibility and external collaboration, but only unrestricted information can be shared because it is open to all WPI account holders.
Enable Team Privacy by:
- In Teams on the Team name select More options ...
- Choose Edit team toward the bottom of the menu.
- Under Privacy, select Private.
Enable Group Privacy by:
- In Outlook click on the Group name select ... for more options.
- In Group Settings choose Edit Group.
- Under Edit Settings for Privacy select Private.
Reminders of times to check this setting in the future:
- When creating a new Team or Group, including when a Group is converted into a Team.
- If you inherit ownership of an existing Team or Group.
- When the original purpose of a Team/Group morphs into something new, keeping in mind what is contained in past posts, files, etc. that may be visible to current and future members.
For assistance with these settings, you are welcome to contact the IT Service Desk .