Data categorizations help inform how data must be properly protected and managed.
Data Protection Categorization
The Data Protection Categorization indicates the minimum level of protections required for Organizational Data and Information Systems based on Georgia Tech’s Protected Data Practices guideline. Additional protection requirements above this minimum may be required if the Organizational Data or Information System is also regulated.
Sensitive Data Categorization
The Sensitive Data Categorization indicates a data element, grouping of data elements, or types of data that are considered sensitive. Organizational Data and Information Systems that contain sensitive data require minimum levels of protection as required and outlined in Cyber Security’s Data Protection Safeguards, Minimum End-point Security Standard, and Protected Data Practices.
Data Regulation Categorization
The Data Regulation Categorization indicates which, if any, local, USG, state, federal, and international laws or regulations may apply to Organizational Data and Information Systems. This categorization also may indicate if additional specifications are required due to grants, contracts, or other agreements entered into by, or for the benefit of, Georgia Tech.
Data Management Categorization
Data Management Categorizations provide additional information Georgia Tech’s Information Systems, Data Domains, and Data Elements. This additional information will provide a high-level overview of the criticality of an Information System should it become unavailable, the impact of Organizational Data should it become inadvertently disclosed, and other indicators used to protect Georgia Tech’s data assets.