Body
This article will provide an overview of the guidelines that the University uses to answer questions pertaining to what Sensitive Data is, where and when you should use Sensitive Data, and where you should avoid using Sensitive Data.
Intended Audience
This article is for the benefit of the faculty, staff, and students who would like to promote a secure computing environment and ensure that sensitive University data stays within the University.
Requirements
This article is for informational purposes and has no requirements.
What is Sensitive Data?
The University of Michigan follows a three-tiered definition of different kinds of data:
- Public Data:
- This is data that, when disclosed to the general public, poses virtually no risk to the university's reputation, resources, services, or individuals. This information can be readily found on many University of Michigan - Flint websites without logging in. Examples include information found in the University of Michigan Directory or on the University of Michigan - Flint Homepage
- Private or Confidential Data:
- If Private or Confidential data is disclosed without authorization, moderate adverse effects on the University's reputation, resources, services, or individuals could occur. It is safe to assume that all data unless indicated, fits into this category.
- Sensitive Data:
- Unauthorized disclosure of this data could have serious adverse effects on the University's reputation, resources, services, or individuals. This data needs to have the utmost level of protection to ensure its safety. There are two kinds of sensitive data:
- Regulated Sensitive Data: This data is sensitive data that is regulated and protected under federal or state law. Depending on the type of regulated sensitive data and the restrictions already in place, additional measures to protect this data may be needed. Examples of this include Social Security numbers or Protected Health Information (HIPAA).
- Unregulated Sensitive Data: This data is sensitive data that is NOT regulated and protected under federal or state law. However, this data is still extremely delicate due to proprietary, ethical, or privacy concerns. This includes things like your current UMFlint password.
Where should I use Sensitive Data?
Being vigilant about where and when Sensitive Data is accessed and shared is an obligation of all representatives of the University of Michigan and as such best practices are important. A good general rule to follow is that, if you are working within a personal account of any sort, Sensitive Data should not be saved, viewed, or utilized in any way unless absolutely necessary.
UMFlint provides the services below for secure data storage, please review what kind of data can be stored within each resource.
Appropriate places to use or store Sensitive Data:
Inappropriate places to use or store Sensitive Data:
- iCloud
- Google Docs
- Personal Accounts of ANY kind
The University of Michigan - Ann Arbor has created a great tool to determine whether or not it is appropriate to disclose sensitive data and if so, what kinds. It can be found at this link.
Again, disclosing sensitive data on ANY personal account (Dropbox, Google docs, iCloud, etc...) can result in negative consequences for both you, the user, and the University as a whole.
Additional Information
For more information on this topic, you can refer to the University of Michigan - Ann Arbor's comprehensive Sensitive Data Guide.
For more information on different types of sensitive data, the University of Michigan - Ann Arbor has composed a large table of all different types. The data types are listed at the top of Ann Arbor's data guide.
Troubleshooting
If you have any questions or experience any issues with this article, please visit or contact the ITS Helpdesk for assistance.
Location: 206 Murchie Science Building
Hours: go.umflint.edu/hours
Phone: (810) 762-3123
Email: flint.its.support@umich.edu