Lync allows information to be exchanged between two or more individuals electronically in a variety of formats. It is important to understand the security implications of using a collaboration service like Lync to exchange Sensitive Information. Please review the University’s Data Classification Guide for more information on how to classify information.
Lync meets IS&T’s security requirements for Public, Sensitive and Confidential Information, but does not meet the requirements for Restricted Use data. If you routinely handle Restricted Use data such as Credit Card numbers, Social Security numbers, Financial Account numbers for external financial institutions, Protected Health Information (PHI) or HIPAA data, you must be careful not to share this information over Lync.
Other important considerations:
- Be aware that portions of your chat history may be stored in your Exchange account and may persist beyond the Lync session and may be subject to legal discovery.
- It is possible to record Lync sessions. Any recordings made of a Lync session must be protected in a manner consistent with the sensitivity of the information discussed in the session. See the Data Classification Guide for details.
- While sharing a program or your entire desktop during a Lync presentation, be aware that if you explicitly choose the option to “Give Control” to someone else, that person will have full control over either the program you are sharing or, if you are sharing your desktop, your entire computer. When choosing to give control, be sure you know and trust the person to whom you are giving control. Keep an eye on what they are doing and be sure to take back control or terminate the session when the collaboration is complete. You can view a short video with more details on sharing and giving control.