Business Procedures Manual

Fiscal Affairs Division

12.1 Definitions

(Last Modified on August 26, 2021)

This section provides definitions needed to interpret the remainder of Section 12 content.

Attribute Reference is a statement asserting a property of an individual without necessarily containing identity information. For example, the attribute “birthday,” a reference could be “older than 18” or “born in December.”

Attribute Value is a statement asserting a property of an individual. For Example, the attribute “birthday,” a value could be “12/01/1980” or “December 1, 1980.”

Incident is a violation or imminent threat of violation of computer security or data privacy policies, acceptable use policies, or standard computer or privacy security practices.

Data Actions are system, product, or service data life cycle operations, including, but not limited to collection, retention, logging, generation, transformation, use, disclosure, sharing, transmission, and disposal.

Data Domains are high-level categories of Institutional Data for the purpose of assigning accountability and responsibility for the data.

Data Processing (“Processing”) refers to the collective set of data actions.

Data Processing Ecosystem is the relationship and dependency shared between groups of people involved in creating or deploying systems, products or services or any components that process data.

Data Subject is any person whose personal data is being collected, processed, or stored.

De-identification is the process used to prevent an individual’s (Data Subject) personal identity from being revealed. For example, data produced during human subject research might be de-identified to preserve privacy for research participants.

Disassociability is enabling the processing of data or events without association to individuals or devices beyond the operational requirements of the system.

Events, within the context of cybersecurity and data privacy, are questionable or suspicious activities that could threaten the security objectives concerning protected systems or data.

Information Systems (“Systems”) are the technology structure and software that carry out data processing.

Linkability is a possibility of logical association with other information about the individual.

Mission-Critical Systems are systems whose failure or malfunction will result in not achieving organizational goals and objectives. Criteria are a) contains confidential or sensitive data (i.e., personally identifiable information (PII) and other regulated information), or b) serves a critical and necessary function for daily operations, or c) a combination of both protected data and critical function.

Organizations are all USG institutions and the University System Office (USO), which includes the Shared Services Center (SSC), the Georgia Public Library Service (GPLS), the Georgia Archives and the Georgia Film Academy.

Organizational Data (“Data”) are data by, or on behalf of, a USG organization. Organizational Data are information that record facts, statistics or information, which is processed by offices of the organization. Data may be stored electronically or physically. Organizational data may reside in an organizational information system or a third-party system.

Principle of Least Privilege describes privileges to information resources permitting access to only what is necessary for the users to successfully perform their job requirements and assigned tasks.

↑ Top