Search the business manual

• Introduction
• 1.0: Accounting Principles and Definitions
• 2.0: Chart of Accounts
• 3.0: Purchasing and Contracts
• 4.0: Travel
• 5.0: Payroll
• 6.0: Accounts Payable
• 7.0: Capitalization
• 8.0: Budget Process
• 9.0: Banking and Investments
• 10.0: Accounts Receivable
• 11.0: Inventory
• 12.0: Protection and Security of Records
  • Section 12 Introduction
  • 12.1 Purpose
    • 12.1.1 Scope and Restrictions
    • 12.1.2 Institutional Data Definition
    • 12.1.3 System Data Definition
  • 12.2 Data Governance and Management Structure
    • 12.2.1 Chief Data Officer
    • 12.2.2 Data Owner
    • 12.2.3 Data Trustees
    • 12.2.4 Data Stewards
  • 12.3 Data Classification
    • 12.3.1 Unrestricted Data
    • 12.3.2 Sensitive Data
    • 12.3.3 Confidential Data
  • 12.4 Data Access
    • 12.4.1 Data Access
    • 12.4.2 Data Documentation
  • 12.5 Privacy and Security
    • 12.5.1 Family Education Rights and Privacy Act (FERPA)
    • 12.5.2 Health Insurance Portability and Accountability Act of 1996 (HIPPA)
    • 12.5.3 Electronic Communications Privacy Act (ECPA)
    • 12.5.4 USA Patriot Act
    • 12.5.5 TEACH Act
    • 12.5.6 Gramm – Leach – Bliley Act (GLBA)
    • 12.5.7 Computer Fraud and Abuse Act (CFAA)
• 13.0: Financial Management and Information Systems
• 14.0: Agency Funds
• 15.0: Auxiliary Enterprise Funds
• 16.0: Audits
• 17.0: Affiliated Organizations
• 18.0: Major Repair and Rehabilitation Funds and GSFIC Projects Managed By Institutions
• 19.0: Miscellaneous
• 20.0: Required Reports
• 21.0: Study Abroad Programs
• 22.0: Federal Stimulus Funds
• 23.0: Unrelated Business Income (UBI)
• 24.0: Student Fees
• Updates and Revisions

12.3 Data Classification

By default, all institutional data will be designated as internal data for use within an institution or to satisfy institution external reporting requirements to the USG Board of Regents (BOR), and to State, Federal, or other external agencies. Institution employees will have access to these data for use in the conduct of institution business. These data, while available within the institution, are not designated as open to the general public unless otherwise required by law. The permission to view or query institutional data should be granted to all data users for all legitimate institution purposes.

As part of the data definition process, data stewards will assign each data element and each data view in institutional data to one of three categories: unrestricted, sensitive, and confidential.

Note: In some circumstances, as long as specific identifying data elements are removed, a data view may include elements of institutional data that would otherwise be sensitive or confidential.

12.3.1 Unrestricted Data

Where appropriate, data stewards may identify institutional data elements that have no access restrictions as available to the general public. These data will be designated as unrestricted or public data.

return to top

---

12.3.2 Sensitive Data

Where necessary, data stewards may specify institutional data elements as sensitive data for which users must obtain specific authorization to access since the data’s unauthorized disclosure, alteration, or destruction will cause perceivable damage to the institution.

The specification of data as sensitive should include reference to the legal or externally imposed constraint that requires this restriction, the categories of users typically given access to the data, and under what conditions or limitations access is typically given.

Note: It is assumed that all administrative output from the central administrative systems is classified as sensitive unless otherwise indicated.

return to top

---

12.3.3 Confidential Data

Where required, data stewards may identify institutional data elements as confidential, for which the highest levels of restriction should apply due to the risk or harm that may result from disclosure or inappropriate use.

This includes information whose improper use or disclosure could adversely affect the ability of the Institution to accomplish its mission, records about individuals requesting protection under the Family Educational Rights and Privacy Act of 1974 (FERPA), or data not releasable under the Georgia Open Records Act or the Georgia Open Meetings Act.

return to top

---

Contact Us

270 Washington Street, S.W.,
Atlanta, GA 30334
U.S.A.

Website Information

• Privacy Policy
• Accessibility
• Compliance & Ethics Reporting

Academics

• Academic Planning
• Academic Programs
• Educational Access and Success
• Faculty Affairs
• Health Workforce Planning & Analysis
• Information Technology Services
• Research & Policy Analysis
• Student Achievement
• Student Affairs

Administration

• Facilities
• Fiscal Affairs
• Georgia Public Library Service
• Human Resources
• Legal Affairs
• Strategic Planning

External Affairs

• Business Development
• Customer Focus
• Economic Development
• Government Relations
• Media & Publications

Board of Regents

Chancellor

Internal Audit & Compliance

USG Institutions

Newsroom

Policies & Reports