All U-M institutional data is classified into one of the four classifications or sensitivity levels described below: Restricted, High, Moderate, and Low. For more detail, see:
- About Sensitive Data Classification. Classification levels drive required and recommended protections.
- Examples of Sensitive Data by Classification Level. See which data types fall into each classification level.
- Examples of Sensitive Data by U-M Role. Data examples grouped by the U-M community members who work with them the most.
- Sensitive Data Guide to IT Services. Which IT services at U-M can be used to store and share particular data types.
Restricted
- Disclosure could cause severe harm to individuals and/or the university, including exposure to criminal and civil liability.
- Has the most stringent legal or regulatory requirements and requires the most prescriptive security controls.
- Legal and/or compliance regime may require assessment or certification by an external, third party.
High
- Disclosure could cause significant harm to individuals and/or the university, including exposure to criminal and civil liability.
- Usually subject to legal and regulatory requirements due to data that are individually identifiable, highly sensitive, and/or confidential.
Moderate
- Disclosure could cause limited harm to individuals and/or the university with some risk of civil liability.
- May be subject to contractual agreements or regulatory compliance, or is individually identifiable, confidential, and/or proprietary.
Low
- Encompasses public information and data for which disclosure poses little to no risk to individuals and/or the university.
- Anyone regardless of institutional affiliation can access without limitation.
Applicable University Policies
You are responsible for complying with the policies and standards below. The information on this page help you meet that responsibility.