Data Type Description
Personally Identifiable Information (PII) is a category of sensitive information that is associated with an individual person, such as an employee, student, or donor. PII should be accessed only on a strictly need-to-know basis and handled and stored with care.
PII is information that can be used to uniquely identify, contact, or locate a single person. Personal information that is “de-identified” (maintained in a way that does not allow association with a specific person) is not considered sensitive. Note that UMID numbers by themselves are not considered sensitive or personally identifiable information. While Social Security numbers are a type of PII, the legal requirements for protecting them are much more stringent than for other PII.
University policies, contractual obligations, and information security laws and regulations require appropriate protection of PII that is not publicly available. These regulations apply to PII stored or transmitted via any type of media: electronic, paper, microfiche, and even verbal communication.
PII does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.
Data Stewards: Human Resources, Information Assurance
Examples
For Everyone at U-M:
- National ID number
- Passport number
- Visa permit number
- Driver's license number
- Bank account numbers
- Disability status
- Ethnicity
- Gender
- The location of an individual at a particular time
- Web sites visited
- Materials downloaded
- Any other information reflecting preferences and behaviors of an individual
- Internet Protocol (IP) address (source and destination) in conjunction with other PII. IP address may identify an individual originating a transaction as well as the recipient.
- Photos
For Employees:
- Biographic/demographic data
- Date and location of birth
- Country of citizenship
- Citizenship status
- Marital status
- Military status
- Criminal record
- Home address
- Grievance information
- Disciplinary records
- Leave-of-absence reason
- Payroll and benefits information
- Health information (There are additional restrictions on where Protected Health Information can be stored and shared.
For Students:
For Donors:
- Biographic/demographic data
- Contact information
- Prospect data
- Gift and gift-planning data