Canvas users can upload any file on their computer. Sometimes these files contain sensitive information (PII or Title IV Student Data), or might even be malicious (viruses, phishing links). Accidents happen ; it is plausible that a faculty member could accidentally upload an incorrect file to Canvas in an announcement, inadvertently disclosing sensitive information.

Canvas implements “Data Loss Prevention” functionality, similar to M365 SharePoint, that can detect certain pre-defined text strings such as SSN, Student ID, Grades, passport number, etc., then react to those according to a set of administrative-defined rules. For example, “log only” so that an admin could review the uploads for potential incidents, or “block,” preventing users from ever uploading sensitive information into Canvas.

instructor,student,ta,designer