Other Sensitive Institutional Data

Data Classification Level: Moderate

Key: Permission Levels

  • Permitted
  • Permitted with Information Assurance (IA) Consultation
  • Not Permitted

For IA consultation, please contact the ITS Service Center

Protecting sensitive data is a shared responsibility. You are responsible for ensuring that your use of permitted services complies with laws, regulations, and policies where applicable.

Permitted

Not Permitted

Data Type Description 

According to university policy, data will typically be classified as sensitive if any of the following are true:

  • Unauthorized disclosure may have serious adverse effects on the university’s reputation, resources, or services or on individuals
  • It is protected under federal or state regulations.
  • There are proprietary, ethical, or privacy considerations.

Data Steward: Information Assurance

Examples 

It is impossible to have an exhaustive list of sensitive data examples.  While the most common types of sensitive data classified as Moderate are already included in this guide, there are many other examples of similarlarly classified sensitive data, including:

  • Public safety and security information
  • Certain types of  information about hazardous substances
  • Certain types of blueprints and building plans
  • Proprietary information such as computer source code developed at the university
  • Certain types of information related to university investments and investment planning
  • Certain types of information related to university insurance claims
  • Information about misconduct proceedings
  • Animal research

Laws/Regulations/Policies 

Institutional Data Resource Management Policy (SPG 601.12)
Andrew File System (AFS): 
Not Permitted
Canvas: 
Permitted
Cloud Storage Included with Software: 
Not Permitted
Data Warehouse: 
Permitted
Desktop Backup (Powered by Code42): 
Permitted
MiDesktop: 
Permitted
Digital Signage: 
Not Permitted
Echo360 - Lecture Capture and LectureTools: 
Not Permitted
eResearch: 
Permitted
Globus: 
Permitted
Amazon Web Services GovCloud at U-M: 
Permitted
Amazon Web Services (AWS) at U-M: 
Permitted
Google Non-Core Services: 
Not Permitted
Google Drive at U-M: 
Permitted
Google Mail and Calendar at U-M: 
Permitted
Google at U-M Core Services: 
Permitted
MiDatabase: 
Permitted
MiServer: 
Permitted
MiShare: 
Permitted
MiStorage CIFS with AWS S3 Cloud Storage Integration: 
Permitted
MiStorage (NFS): 
Not Permitted
MiVideo: 
Permitted
MiWorkspace: 
Permitted
Personal Accounts: 
Not Permitted
Personally Owned Devices (phone, tablet, laptop, etc.): 
Permitted
Qualtrics: 
Permitted
ServiceNow at Michigan Medicine: 
Permitted
MiBackup: 
Permitted
Turbo Research Storage (NFS): 
Not Permitted
Turbo Research Storage (NFSv4+Kerberos or CIFS): 
Permitted
Michigan Medicine Exchange/Outlook Email and Calendar: 
Permitted
Document Imaging System: 
Permitted
E-signature Service - SignNow: 
Permitted
Piazza Q&A: 
Not Permitted
Gradescope: 
Not Permitted
Electronic Research Notebook at U-M: 
Permitted
Microsoft Azure at U-M: 
Permitted
Google Cloud Platform at U-M: 
Permitted
Perusall: 
Not Permitted
Secure Enclave Service (formerly Yottabyte Research Cloud): 
Permitted
Microsoft Office 365 at U-M: 
Not Permitted
Armis2: 
Permitted
Great Lakes Cluster: 
Permitted
Adobe Cloud Storage: 
Not Permitted
Zoom at U-M: 
Permitted
TeamDynamix at U-M: 
Permitted
Dropbox at U-M: 
Permitted
Virtru at U-M: 
Permitted
Microsoft Teams at U-M: 
Not Permitted
Denodo at U-M: 
Permitted
Slack at U-M: 
Permitted
Microsoft 365 at Michigan Medicine: 
Permitted
Lighthouse HPC Cluster: 
Permitted
MyDataHelps: 
Not Permitted
REDCap MICHR Academic License: 
Not Permitted
GitHub Enterprise SaaS: 
Permitted