About Sensitive Data

Your Responsibility

You are expected to recognize when university data is sensitive.

What Is Sensitive University Data?

What is the data you need to be concerned about when using your own devices?

Sensitive university data refers to:

  • Data whose unauthorized disclosure may have serious adverse effect on the university's reputation, resources, services, or individuals.

Examples of Sensitive Data

Data protected under certain federal or state regulations or due to proprietary, ethical, or privacy considerations will typically be classified as sensitive. This includes student education records, protected health information, Social Security numbers, private personal information, sensitive identifiable human subjects research, and more.

Many data types are obviously sensitive, but there is no exhaustive list you can check to see if a particular data type is sensitive. Context matters. Sometimes data types that aren't sensitive alone can be sensitive in combination. For example, when several pieces of data are used to verify a person's identity, they become sensitive—even if each piece alone is not considered sensitive.

Your passwords are sensitive. Even if you don't store sensitive data on your devices, you likely store your UMICH password (Level-1), which provides access to that data and to U-M systems generally. Choose a strong password and protect it.

Some Data Types Prohibited on Personal Devices

Four sensitive data types are not permitted for use via personally owned devices. You may not work with these data types using your own devices, but must instead use devices owned and secured by the university:

  • Credit Card or Payment Card Industry (PCI)
  • Export Controlled Research
  • Federal Information Security Management Act (FISMA) Data
  • Security camera data


U-M Policy Outlines Four Areas of Responsibility »