These definitions are only in reference to data access.
Unit heads or individuals delegated authority in accordance with
established procedures by unit heads
or higher level management in their organizational reporting chain
to authorize and initiate access requests.
Senior administrative officers of the Institute responsible for
managing information resources while conducting Georgia Tech business.
The Provost and Vice President for Academic Affairs and the Senior Vice
President for Administration and Finance are Chief Data Stewards of
Institute Data.
A person responsible for managing the Institute-wide catalog of
information about official Institute Data and access privileges.
Individuals designated by the Data Stewards to coordinate data access
for subsets of data, maintain records of authorized Data Users, and
serve as contact points for the Institute Data Administrator(s).
Examples of "subsets of data" include Employee Data, Student Data,
Auxiliary Services Data, Financial Data, and Research Accounting Data.
Those identified by the Chief Data Stewards to manage a subset of data (i.e., they are responsible for its accuracy, integrity, privacy, and security).
Georgia Tech employees who are authorized to access Institute Data in the performance of assigned duties.
A logical collection of data elements, possibly from multiple physical databases, that are assembled and presented according to a defined set of rules.
A data element is considered Institute Data if it satisfies one or more of the following criteria:
- It is relevant to planning, managing, or auditing a major
administrative function at Georgia Tech; or
- It is referenced or required for use by more than one
organizational unit; or
- It is included in an official Georgia Tech administrative
report; or
- It is used to derive an element that meets the criteria above.
The Chief Data Stewards apply these criteria to identify Institute Data.
A fundamental workgroup identified in the official organizational chart
of the Institute.
An individual responsible for direct oversight of a Unit.
The following guidelines shall be used to determine access to Institute Data by employees conducting official Georgia Tech business:
- Inquiry-type access to official Institute Data will be as open as possible to individuals who require access in the performance of official Institute business without violating legal, federal, or State restrictions. Compelling justification is required to limit inquiry access to any data element.
- Every Data User granted create and/or update privileges is responsible for their actions while using these privileges. That is, all campus units are responsible for the official Institute Data they originate, update, and/or delete.
- Any individual granted access to Institute Data is responsible for the ethical usage of that data. It will be used only in accordance with the authority delegated to the individual to conduct official Georgia Tech business.
It is important to provide necessary access to Institute Data. This, coupled with prudent distribution of responsibilities for data integrity will enhance the usability and value of Georgia Tech's information resource.
This Policy does not supersede the existing Computer and Network Usage Policy in any respect. Rather, it is intended to be fully compatible with and complementary to all related Institute policies.
This Policy applies to access to Institute Data (as defined above) and is intended to provide a consistent process for employees to obtain necessary access for conducting official Georgia Tech business. This Policy does not address public access to data as specified in the Georgia Open Records Act. Furthermore, this Policy does not apply to notes and records that are the personal property of individuals in the Georgia Tech community, and to data whose primary purpose is scholarly (e.g., instructional material and research notes). In all cases, applicable federal and State statutes and regulations that guarantee either protection or accessibility of Institute records will take precedence over this Policy.
Georgia Tech Institute Data fall into three major categories that are defined as Category I, Category II, and Category III data. The Data Stewards, in consultation with the Data Coordinators, are responsible for defining which data elements and Data Views fall into each category.
Category I data are generally available for querying by all Georgia Tech employees. Examples of this type of data include department and building names.
Category II Data are available only to designated personnel in each unit. The Data Stewards, in consultation with the Data Coordinators, define which data elements and Data Views constitute Category II Data. Such designations will include an explanation of the legal, ethical, security, or other constraint, such as personal privacy rights, that requires this restriction. Permission to access Category II Data may be granted by Authorized Requesters to employees whose position and functional responsibilities require such access for use while conducting official Georgia Tech business. In general, Data Users in each unit will have access to Category II data for the unit itself, and for the units that report to it administratively. An example of this type of data is student academic standing and salary information.
Category III Data are available only to designated personnel who
require access to perform their job functions. Only the Data
Administrator in consultation with the Data Stewards/Coordinators may
grant permission to view, create, or modify Category III Data. Such
designations will include an explanation of the legal, ethical,
security, or other constraints, such as personal privacy rights, that
requires this restriction. Such designations will include a
description of the roles of Data Users that are typically given access
to the data, and the conditions under which access is given or the
limitations that apply to such access. Category III Data includes
broad views of data across organizational lines that are not available
to units for Category II Data. The Data Administrator maintains the
central repository of all such designations. An example of this type
of data includes highly restricted benefits information.
Data Stewards will designate individuals to coordinate Institute Data
access for each data grouping.
The Data Coordinator will maintain
records of authorized Data Users, and serve as contact point for the
Institute Data Administrator(s). The Data Coordinator will inform the
appropriate Data Administrator on a timely basis of changes that affect data
access. Employees may request access to data through a designated
Authorized Requester. Procedures for requesting data access will be
provided by the Institute's Data Administrator.
Data Users may request that the Data Stewards and Chief Data Stewards
review the restrictions placed on a data element or Data View. All
such requests will be submitted through an Authorized Requester to a
Data Coordinator. The appropriate Chief Data Steward makes final
appeal on matters of data restrictions and requests for access rights
to Institute Data.
Documentation of data elements and their appropriate use is the
responsibility of the Data Stewards, Data Coordinators and the
Institute's Data Administrator(s).
Guidelines and training will be provided for administrators, faculty, managers, and staff to ensure data integrity, system security, and compliance with this Policy as well as other computer and network-related Institute policies. The Data Access Policy will be reflected in the official Georgia Tech Employee Handbook, and each employee at the Institute will be responsible for being familiar with the policy as it relates to his or her position and job duties.
Data Users are expected to respect the confidentiality and privacy of
individuals whose records they access, to observe any restrictions that
apply to data to which they have access, and to abide by applicable laws or policies with respect to access, use, or disclosure of information. Expressly forbidden is the disclosure or distribution of Institute Data in any medium, except as required by an employee's job responsibilities. Also forbidden is the access or use of any Institute Data for one's own personal gain or profit, for the personal gain or profit of others, or to satisfy one's personal curiosity or that of others.
Violations of the policy are dealt with seriously. Violators are subject to the loss of data access privileges, as well as applicable Georgia Tech disciplinary procedures.