Personally Owned Devices (phone, tablet, laptop, etc.)
Description of Service:
Any mobile phone, tablet, laptop, or other computing device that is personally owned, including devices subsidized by the university.
Description of Compliance:
U-M recognizes that those who do work on its behalf may need to access or maintain sensitive university data on their own devices. Security of Personally Owned Devices that Access or Maintain Sensitive Institutional Data (SPG 601.33) guides this use. Departments and units have discretion to prohibit this use or impose additional requirements beyond those outlined in the policy. The U-M Health System (UMHS), for example, requires registration with a mobile device management system for those who wish to access their UMHS email on personal devices.
If you have not been informed about implementation of SPG 601.33 within your department, do not use your own devices to work with university data without first checking with your department.
- If your department or unit has informed you that you may work with university data using your own devices, it is your responsibility and obligation to properly manage and secure your personal device(s) to reduce the risk of unauthorized access to, or disclosure, of university data.
The U-M Safe Computing website provides tips for securing your personal devices:
Key: Storage Permission Levels
Permitted with IIA Consultation
For IIA consultation, please contact the ITS Service Center
Using Personally Owned Devices (phone, tablet, laptop, etc.) with Data
Personally Owned Devices (phone, tablet, laptop, etc.) has the following Sensitive Data restrictions....
- Attorney/Client Privileged Information
- IT Security Information
- Other Sensitive Institutional Data
- Private Personal Information (PPI)
- Protected Health Information (HIPAA)
- Sensitive Identifiable Human Subject Research
- Student Education Records (FERPA)
- Student Loan Application Information (GLBA)