Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Privacy Concern! Remove access to PRIVATE appointments on Outlook Calendars

Avatar

Level 3

09-11-2018

With the current version of the Outlook calendar integration, there is a reasonable privacy concern that needs to be addressed.

Admins and third-parties with Admin access are able to log in as any user and see all of their Outlook calendar appointment data including personal and private appointments.

The integration is ignoring the Outlook privacy settings including both Calendar Permissions and appointments marked as Private (lock symbol), and should be modified to carry over these privacy settings.

While obviously folks should be responsible with their sensitive personal information and avoid entering it into any work tool like Outlook, I believe that there is a reasonable expectation of privacy when these specific settings are enabled and it should be honored through this integration.

I may expect someone in IT at my own organization having the ability to look at my doctors' appointments or interviews scheduled, but I wouldn't expect an Admin who could be my peer or in a different department, or a third-party vendor I may know nothing about having access through an Admin account via integration.

The following permissions and settings are currently being ignored and should be respected: