This Quicknote will provide an overview of the guidelines that the University uses to answer questions pertaining to what Sensitive Data is, where and when you should use Sensitive Data, and where you should avoid using Sensitive Data.
This Quicknote is for the benefit of the faculty, staff, and students who would like to promote a secure computing environment and ensure that sensitive University data stays within the University.
This Quicknote is for informational purposes and has no requirements.
What is Sensitive Data?
The University of Michigan follows a three-tiered definition of different kinds of data:
- Public Data:
- This is data that, when disclosed to the general public, poses virtually no risk to the university's reputation, resources, services, or individuals. This information can be readily found on many University of Michigan - Flint websites without login. Examples include information found in the University of Michigan Directory or on the University of Michigan - Flint Homepage
- Private or Confidential Data:
- If Private or Confidential data is disclosed without authorization, moderate adverse effects on the University's reputation, resources, services, or individuals could occur. It is safe to assume that all data unless indicated that it fits into another category, fits into this category.
- Sensitive Data:
- Unauthorized disclosure of this data could have serious adverse effects on the University's reputation, resources, services, or individuals. This data needs to have the utmost level of protection to ensure its safety. There are two kinds of sensitive data:
Regulated Sensitive Data: This data is sensitive data that is regulated and protected under federal or state law. Depending on the type of regulated sensitive data and the restrictions already in place, additional measures to protect this data may be needed. Examples of this include Social Security numbers or Protected Health Information (HIPAA).
Unregulated Sensitive Data: This data is sensitive data that is NOT regulated and protected under federal or state law. However, this data is still extremely delicate due to proprietary, ethical, or privacy concerns. This includes things like your current UMFlint password.
Where should I use Sensitive Data?
Being vigilant about where and when Sensitive Data is accessed and shared is an obligation of all representatives of the University of Michigan and as such best practices are important. A good general rule to follow is that, if you are working while being signed in to a personal account of any sort, Sensitive Data should not be saved, viewed, or utilized in any way.
UMFlint provides the services below for secure data storage, please review what kind of data can be stored within each resource.
Appropriate places to use or store Sensitive Data:
Inappropriate places to use or store Sensitive Data:
- Google Docs
- Personal Accounts of ANY kind
The University of Michigan - Ann Arbor has created a great tool to determine whether or not it is appropriate to disclose sensitive data and if so, what kinds. It can be found at this link
Again, disclosing sensitive data on ANY personal account (Dropbox, Google docs, iCloud, etc...) can result in negative consequences for both you, the user, and the University as a whole.
For more information on this topic, you can refer to the University of Michigan - Ann Arbor's comprehensive Sensitive Data Guide
For more information on different types of sensitive data, the University of Michigan - Ann Arbor has composed a large table of all different types. The data types are listed at the top of Ann Arbor's data guide.
If you have any questions or experience any issues with this Quicknote, please visit or contact the ITS Helpdesk for assistance.
206 Murchie Science Building or 3174 William S. White Building
(810)-762-3123 (option 1)