Private Personal Information (PPI)

Private Personal Information (PPI) is a category of sensitive information that is associated with an individual person, such as an employee, student, or donor. PPI should be accessed only on a strict need-to-know basis and handled with care.

PPI is information that can be used to uniquely identify, contact, or locate a single person. Personal information that is “de-identified” (maintained in a way that does not allow association with a specific person) is not considered sensitive. Note that UMID numbers by themselves are not considered sensitive or private personal information.

Appropriate protection of PPI that is not publicly available is required by Laws and Regulations Related to Handling Sensitive Protected Data, contractual obligations, and university policies. These regulations apply to PPI stored or transmitted on any type of media: electronic, paper, microfiche, and even verbal communication.

Frequently Used by: 

Faculty
Staff
Students
Researchers

Category: 

Sensitive

Examples: 

For Everyone at U-M:

  • Social Security number
  • National ID number
  • Passport number
  • Visa permit number
  • Driver's license number
  • Bank and credit/debit card numbers
  • Tax information (e.g., W-2, W-4, 1099)
  • Disability information
  • Ethnicity
  • Gender

For Employees:

  • Biographic/demographic data
    • Date and location of birth
    • Country of citizenship
    • Citizenship status
    • Marital status
    • Military status
  • Criminal record
  • Home address
  • Grievance information
  • Discipline information
  • Leave-of-absence reason
  • Payroll and benefits information
  • Health information

For Students:

For Donors:

  • Biographic/demographic data
  • Contact information
  • Prospect data
  • Gift and gift-planning data

M+Box Core Apps: 

Permitted

M+Google Mail and Calendar: 

Permitted

M+Google Drive (Docs): 

Permitted

M+Google Sites, Talk, Groups, Tasks: 

Permitted

M+Google Additional Services (Non-Core): 

Not Permitted

UMHS Exchange Email and Calendar: 

Permitted

CTools: 

Permitted

Wolverine Access: 

Permitted

MiDatabase: 

Permitted

MiServer: 

Permitted

Desktop Virtualization (VDI): 

Permitted

TSM Backup: 

Permitted

MiWorkspace: 

Permitted

Sitemaker: 

Not Permitted

Virtualization as a Service (VaaS): 

Permitted

Value Storage: 

Not Permitted

Mainstream Storage: 

Permitted

Data Warehouse: 

Permitted

ITS Exchange Email and Calendar: 

Permitted

Desktop Backup (Powered by CrashPlan): 

Permitted

Personally Owned Devices (phone, tablet, laptop, etc.): 

Permitted

Flux: 

Permitted

MiShare: 

Permitted

M Cloud Amazon Web Services (AWS): 

Permitted

Globus: 

Permitted

MiVideo: 

Permitted

M+Box Additional Apps (Non-Core): 

Not Permitted

M Cloud - Amazon Web Services GovCloud: 

Permitted

Qualtrics: 

Permitted

Digital Signage: 

Not Permitted

eResearch: 

Permitted

Blue Jeans Video Conferencing: 

Permitted