Personally Identifiable Information (PII)

Personally Identifiable Information (PII) is a category of sensitive information that is associated with an individual person, such as an employee, student, or donor. PII should be accessed only on a strict need-to-know basis and handled and stored with care.

PII is information that can be used to uniquely identify, contact, or locate a single person. Personal information that is “de-identified” (maintained in a way that does not allow association with a specific person) is not considered sensitive. Note that UMID numbers by themselves are not considered sensitive or private personal information.

University policies, contractual obligations, and federal and state laws and regulations require appropriate protection of PII that is not publicly available.  These regulations apply to PII stored or transmitted via any type of media: electronic, paper, microfiche, and even verbal communication.

PII does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.

Frequently Used by: 

Faculty
Staff
Students
Researchers

Category: 

Sensitive

Examples: 

For Everyone at U-M:

  • Social Security number (There are additional restrictions on where Social Security numbers can be stored and shared.)
  • National ID number
  • Passport number
  • Visa permit number
  • Driver's license number
  • Bank and credit/debit card numbers
  • Tax information (e.g., W-2, W-4, 1099)
  • Disability information
  • Ethnicity
  • Gender
  • The location of an individual at a particular time
  • Web sites visited 
  • Materials downloaded
  • Any other information reflecting preferences and behaviors of an individual 
  • Internet Protocol (IP) address (source and destination) in conjunction with other PII. IP address may identify an individual originating a transaction as well as the recipient.

For Employees:

  • Biographic/demographic data
    • Date and location of birth
    • Country of citizenship
    • Citizenship status
    • Marital status
    • Military status
  • Criminal record
  • Home address
  • Grievance information
  • Discipline information
  • Leave-of-absence reason
  • Payroll and benefits information
  • Health information (There are additional restrictions on where Protected Health Information can be stored and shared.

For Students:

For Donors:

  • Biographic/demographic data
  • Contact information
  • Prospect data
  • Gift and gift-planning data

Andrew File System (AFS): 

Not Permitted

Blue Jeans Video Conferencing: 

Permitted

Canvas: 

Permitted

Cloud Storage Included with Software: 

Not Permitted

CTools: 

Permitted

Data Warehouse: 

Permitted

Desktop Backup (Powered by CrashPlan): 

Permitted

Desktop Virtualization (VDI): 

Permitted

Digital Signage: 

Not Permitted

Echo360 - Lecture Capture and LectureTools: 

Not Permitted

eResearch: 

Permitted

Flux: 

Permitted

Globus: 

Permitted

ITS Exchange Email and Calendar: 

Permitted

M Cloud - Amazon Web Services GovCloud: 

Permitted

M Cloud Amazon Web Services (AWS): 

Permitted

M+Box Additional Apps (Non-Core): 

Not Permitted

M+Box Core Apps: 

Permitted

M+Google Additional Services (Non-Core): 

Not Permitted

M+Google Drive: 

Permitted

M+Google Mail and Calendar: 

Permitted

M+Google Sites, Talk/Hangouts, Groups, Tasks, Classroom: 

Permitted

MiDatabase: 

Permitted

MiServer: 

Permitted

MiShare: 

Permitted

MiStorage (for Some Sensitive Data) with CIFS: 

Permitted

MiStorage with NFS: 

Not Permitted

MiVideo: 

Permitted

MiWorkspace: 

Permitted

Personal Accounts (Dropbox, OneDrive, iCloud, etc.): 

Not Permitted

Personally Owned Devices (phone, tablet, laptop, etc.): 

Permitted

Qualtrics: 

Permitted

ServiceLink: 

Permitted

Sitemaker: 

Not Permitted

Statistics and Computation Service: 

Not Permitted

MiBackup: 

Permitted

Turbo Research Storage with NFS: 

Not Permitted

Turbo Research Storage (for Some Sensitive Data) with NFSv4+Kerberos or CIFS: 

Permitted

UMHS Exchange/Outlook Email and Calendar: 

Permitted

Virtualization as a Service (VaaS): 

Permitted

Armis: 

Permitted

Imaging Services: 

Permitted