If you have access to sensitive information, you must safeguard it from damage, loss, misuse, or unauthorized disclosure. There are two levels of sensitive information, known internally as “Internal Use Only” and “Restricted” information. Internal Use Only information includes, but is not limited to, academic information about CWRU students, business and financial matters, and fundraising and alumni issues. Examples of Restricted information include personal information about students, faculty and staff, such as names and Social Security Numbers; patient medical and health information; electronic personal healthcare information (ePHI); and research and technology initiatives considered to be university-owned, intellectual property. The CWRU policies that describe appropriate levels of safeguards around Internal Use Only and Restricted information are described in the Tier III Controls policy, available at policies.