Overview
This lecture explains different data responsibility roles in an organization and how they interact to manage, use, and protect data.
Data Owner
- Data owner is usually a higher-level manager responsible for broad oversight of specific data sets.
- Examples include Vice President of Sales for customer relationship data, and treasurer for all financial information.
- Data owners oversee all aspects of their data, including how it is managed and protected.
- They are ultimately accountable for all data associated with their particular role or functional area.
Examples of Data Owners
| Role | Data Owned |
|---|---|
| Vice President of Sales | Customer relationship data |
| Treasurer | Financial information |
Data Controller
- Data controller manages how data will be used within the organization.
- This role decides purposes and methods for processing the data.
- Data controller typically provides instructions to the data processor on how to handle the data.
- Example: Payroll department acts as data controller for employee payroll information.
Data Processor
- Data processor is the role that actually processes or uses the data as instructed.
- Follows the data controller’s directions for handling and processing data.
- Example: External payroll company processing weekly payroll using employee and bank details.
- Data processor has access to user information and banking details to carry out tasks.
Controller vs Processor Example
| Role | Example Entity | Main Responsibility |
|---|---|---|
| Data Controller | Payroll department | Decides how payroll data is used and processed |
| Data Processor | Payroll company | Executes payroll using provided data and instructions |
Data Custodian / Data Steward
- Data custodian (or data steward) is assigned to specific types or sets of data.
- Responsible for the security of the data, ensuring it is protected from unauthorized access.
- Ensures data is accurate and remains private for authorized users only.
- Ensures the organization complies with relevant laws and regulations related to that data.
- May assign sensitivity labels to data, such as confidential or internal, based on requirements.
- Connects sensitivity labels to access control rules so only appropriate users can access certain data.
- Often determines which specific users have access to which specific types of data.
Data Custodian Responsibilities
| Responsibility Area | Description |
|---|---|
| Security | Protects data from unauthorized access and misuse |
| Accuracy | Ensures data is correct and reliable |
| Privacy | Maintains confidentiality of sensitive data |
| Compliance | Aligns data handling with laws and regulations |
| Sensitivity Labeling | Assigns sensitivity levels and links them to access controls |
| Access Decisions | Decides which users can access which types of data |
Key Terms & Definitions
- Data Owner: Higher-level individual ultimately responsible for a specific body of organizational data.
- Data Controller: Role that decides how data is used and provides instructions for processing.
- Data Processor: Role or entity that processes data according to the controller’s instructions.
- Data Custodian / Data Steward: Role responsible for data security, accuracy, privacy, compliance, and access control.