Regulatory Agencies Inventory and Attributes

Data protection authorities govern personal data. Financial regulators govern financial records. Healthcare regulators govern patient data. Export control authorities govern technical data. Every regulatory domain in this inventory corresponds to data types in the Data and Information Inventory that are subject to that domain’s requirements. The Data and Information Inventory and Attributes is published and available.

The Related Data and Information Types attribute in this inventory is derived from the Data and Information Inventory: all data types whose Regulatory Obligations attribute references obligations from this agency. When this relationship is established, the enterprise can answer: which data types are in scope for a regulatory audit from this agency? Which systems handling those data types must comply with this agency’s requirements? This is the data governance layer of the compliance governance hierarchy — connecting regulatory authority to the specific data the authority governs.

This relationship is also the primary mechanism for connecting regulatory change to data governance impact. When a regulatory agency updates its requirements for a specific data type — changing retention periods, adding new handling requirements, or restricting cross-border transfer — the Related Data and Information Types attribute immediately surfaces all data types affected by the change, enabling targeted impact assessment rather than enterprise-wide compliance review.