U-M Data Classification Levels

All U-M institutional data is classified into one of the four classifications or sensitivity levels described below: Restricted, High, Moderate, and Low. For more detail, see:

Restricted

  • Disclosure could cause severe harm to individuals and/or the university, including exposure to criminal and civil liability.
  • Has the most stringent legal or regulatory requirements and requires the most prescriptive security controls.
  • Legal and/or compliance regime may require assessment or certification by an external, third party.

High

  • Disclosure could cause significant harm to individuals and/or the university, including exposure to criminal and civil liability.
  • Usually subject to legal and regulatory requirements due to data that are individually identifiable, highly sensitive and/or confidential. 

Moderate

  • Disclosure could cause limited harm to individuals and/or the university with some risk of civil liability.
  • May be subject to contractual agreements or regulatory compliance, or is individually identifiable, confidential, and/or proprietary. 

Low

  • Encompasses public information and data for which disclosure poses little to no risk to individuals or the university.
  • Anyone regardless of institutional affiliation can access without limitation.

Applicable University Policies

You are responsible for complying with the policies and standards below. The information on this page help you meet that responsibility.