Protecting Sensitive Data

Georgia Tech’s Security Services / Protected Data Practice

GT Cyber Security Policy

GT Data Access Policy

GT Data Privacy Policy


  • Do not store or transfer sensitive data using external / cloud services unless they are already approved for the appropriate data categorization level for the service. If you have a question about whether or not a service is approved for use, please send a message to
  • Be careful with email:
    • Make sure that the email address you are sending to has the appropriate recipient(s) and that the address is a address (not an external one).
    • Be careful when you “reply all” to be sure that everyone on the recipient list is meant to receive the message you are sending.
    • Familiarize yourself with GT Cyber Security’s article on How to Avoid Being Phished
      • Also remember to review the GT Cyber Security’s Phish Bowl page for examples of phishing and legitimate messages that have been submitted to the GT Cyber Security team.
  • Mailing lists:
    • If you are a moderator on a mailing list, pay special attention to the content and any attachments of a message before releasing it.
    • The lists should be configured as “moderated, with editor confirmation (moderatedconfirm)” so that all messages going through the list are moderated, including those sent by moderators.  In this configuration, the messages will need to be released by the moderator who sent the message, since the other moderators will not be notified that the message needs to be released.  Be sure to carefully review your message and any attachments for sensitive data before releasing the message.


Campus Services

NOT Approved for Sensitive Data

Approved for Category III Data

External / Cloud Approved Services


Tech Responds to Student Data Disclosure

Last revised on April 29, 2020.