Do you work with sensitive data? Any time you are thinking about using a storage or collaboration service for sensitive university data—whether in the cloud or at U-M:

• Check the Sensitive Data Guide first to see which services are approved for your data type.
• If the service you want to use is not listed in the guide, ask Information Assurance about appropriate use by contacting the ITS Service Center.

A U-M login does not equal approval

Just because you can log in to a service using your U-M uniqname and UMICH (Level-1) or Michigan Medicine (Level-2) password does not mean that service can be used for sensitive university data. Different sensitive data types have very different legal and regulatory compliance requirements. The university offers access to a variety of services to meet different needs.

Permitted services may have additional requirements

You have a responsibility to use permitted services in ways that comply with legal and regulatory compliance requirements. For example, you must use a shared account when using U-M Box to store sensitive data.

Always check the guide

In short, always check the Sensitive Data Guide before using any service with sensitive university data—and only use services approved for your data type. Please ask those you work with to do likewise.