Purpose

The Data Regulation Categorization indicates which, if any, local, USG, state, federal, and international laws or regulations may apply to Organizational Data and Information Systems. This categorization also may indicate if additional specifications are required due to grants, contracts, or other agreements entered into by, or for the benefit of, Georgia Tech.
 


Definitions

Capitalized terms not otherwise defined herein shall have the same meaning as set forth in the Data Governance and Management Policy.

Audience

| Role | Parties |
| --- | --- |
| Responsible | Associate Data Trustee; Data Steward; System Owner |
| Accountable | Data Governance Committee |
| Support | Associate Data Steward; Technical Manager |
| Consulted | Data Governance Team |
| Informed | Data Domain & Technology Subcommittees; Data Administrator; Data User |

Procedures

Assigning a “Data Regulation Categorization”

  1. A Data Steward must assign each “Data Regulation Categorization” to a Data Element.
  2. A Data Steward must assign each “Data Regulation Categorization” to a Data Sub-Domain, which may be derived by choosing the highest requirements categorization from Data Elements within the Data Sub-Domain.
  3. An Associate Data Trustee must assign each “Data Regulation Categorization” to a Data Domain, which may be derived by choosing the highest requirements categorization from its Data Sub-Domains.
  4. A System Owner must assign each “Data Regulation Categorization” to an Information System, which may be derived by choosing the highest requirements categorization from the Organizational Data within the Information System.
  5. A report or a data set that contains Organizational Data may indicate the “Data Regulation Categorization(s)” in order to communicate to its intended audience the type of requirements the report or data set contains.

The “Data Regulation Categorization” indicates which, if any, local, USG, state, federal, and international laws or regulations may apply to Organizational Data and Information Systems. This categorization also may indicate if additional specifications are required due to grants, contracts, or other agreements entered into by, or for the benefit of, Georgia Tech. The following categorizations are available:

| Data Regulation Categorizations | Categorization Statement | Categorization Choices |
| --- | --- | --- |
| FERPA (Family Educational Rights and Privacy Act) | The Information System or Organizational Data contains data protected by FERPA. | True or False |
| HIPAA (Health Insurance Portability and Accountability Act) | The Information System or Organizational Data contains data protected by HIPAA. | True or False |
| GLBA (Gramm-Leach-Bliley Act) | The Information System or Organizational Data contains data protected by GLBA. | True or False |
| EU GDPR (European Union General Data Protection Regulation) | The Information System or Organizational Data contains data protected by EU GDPR. | True or False |
| Research Requirements | The Information System or Organizational Data contains data protected by research requirements. Examples include FAR, DFAR, CUI, etc. | True or False |
| Export Control | The Information System or Organizational Data contains data protected by export control. Examples include ITAR, EAR, OFAC, etc. | True or False |
| Non-Regulated | The Information System or Organizational Data does not contain data that is regulated by any of these regulation categorizations. | True or False |

 

Modifications to the approved “Data Regulation Categorization” choices

  1. An individual must submit a request to add a new categorization, change the name and/or definition of an existing categorization, or deprecate the use of an existing categorization to the Data Governance Committee. The request must include:
    1. Name of the categorization (proposed name if new or changing)
    2. Definition of the categorization (proposed definition if new or changing)
    3. Reason the modification is requested
  2. The Data Governance Committee will review the request and determine if further discussion is required with the requestor or others involved with the request.
  3. If approved, the Data Governance Committee will notify the requestor and publish the change to the official list of approved “Data Regulation Categorization” choices on the website. Inventories that rely upon “Data Regulation Categorization” (e.g., Data Element Dictionary) will be updated.
  4. If not approved, the Data Governance Committee will articulate the rejection and send it back to the requestor.

Resources

What changes to protections of Organizational Data and/or Information Systems are required if the data is regulated?

Regulated Organizational Data may include requirements that surpass the minimum protections required for Protected Data as outlined in Cyber Security’s Data Protection Safeguards and Protected Data Practices. The Regulated Organizational Data must adhere to the highest requirements when combining protections from Cyber Security’s requirements and the regulation’s requirements. Please see Cyber Security’s Data Protection Safeguards and Protected Data Practices for more information.

Is Organizational Data also subject to the Georgia Open Records Act?

Yes. Organizational Data may be disclosed under the Georgia Open Records Act subject to requirements and exceptions noted in the law. Please contact Institute Communications for more information.

Is Organizational Data ever exempt from disclosure?

Yes. Organizational Data may be exempt from disclosure under the provisions of the Georgia Open Records Act or other applicable state or federal laws. Specifications contained in Georgia Tech grants, contracts, and other agreements entered into by, or for the benefit of, Georgia Tech may also provide exemptions from disclosure.

Key Contacts for Regulated Data

| Regulation | Business Contact(s) | Legal Contact(s) |
| --- | --- | --- |
| FERPA | Reta Pikowsky, Office of the Registrar | Kate Wasch; Susann Estroff |
| HIPAA | John Scuderi, Stamps Health Services | |
| GLBA | Paul Kohn (interim), Office of Scholarships and Financial Aid | |
| EU GDPR | Tarryn Brennon, Office of the General Counsel | Tarryn Brennon |
| Research Requirements | | |
| Export Control | Lacee Harris, Office of the General Counsel | |
| Georgia Open Records Act | Jamila Hudson-Allen, Institute Communications | |

 
| Revision Date | Author | Description |
| --- | --- | --- |
| 2021-07-27 | Zachary Hayes, Data Governance | New |