Sensitive Data Discovery /

Sensitive Data Discovery

Information Assurance performs Sensitive Data Discovery checks twice a year of MiWorkspace computers and storage to help ensure that sensitive and regulated data is not being stored unnecessarily. Non-MiWorkspace units can request that their computers and networked storage be included in the twice-yearly scans. Unit staff can request Sensitive Data Discovery for their unit through the ITS Service Center.

The checks help you identify files with sensitive data you may have forgotten about and prompt you to review those files to see if they are still needed. They also help the university comply with laws and regulations governing the storage of sensitive and regulated data.

Information Assurance uses a software tool that automatically checks for potentially sensitive information. Our team will work with you and your unit staff to help review the results and take appropriate action.

What the Sensitive Data Discovery Tool Does

The Sensitive Data Discovery tool:

  • Checks for two types of sensitive data: Social Security numbers (SSN) and credit card numbers.
  • Looks for numeric patterns formatted like Social Security and credit card numbers, so it sometimes misidentifies files as sensitive.
  • Does not check Personal and Private folders.
  • Produces a report listing all your files that may contain sensitive data.

The tool can check for additional patterns if that would be helpful to your unit, particularly on Windows machines, file shares, web servers, and database servers. For example, if researchers in your unit want to check for numbers that could potentially be medical record numbers or some other type of number, you can request that.

If Sensitive Data Is Found

If your U-M computer or unit storage is found to contain data that could be sensitive, you will be asked to review a report and take action. You may be contacted by Information Assurance, your unit's Security Unit Liaison, or your unit's IT staff. See Take Action on Your Sensitive Data Discovery Report for details.


Contact your Information Security Lead or Information Assurance via the ITS Service Center.

Applicable University Policies

You are responsible for complying with the policies and standards below. The requirements on this page help you meet that responsibility.