ENVISION

Data Ownership

Daniel Moyer | October 11, 2020

Daniel Moyer
October 11, 2020

Data is a collection of 1’s and 0’s and are all relevant or irrelevant items of information.  These items are your intellectual property, HR documents, client information, email, etc.  Who owns this?  Who is responsible for protecting it and maintaining it?  In my previous post, What is Light and Dark Data, your business information is either benefiting your business or being kept in the dark, creating potential liability. There are two affiliations to protecting and maintaining data - Data Owners and Data Custodians; which one are you?

Who owns all those 1’s and 0’s whizzing in your network or across the internet? Your Data Owners do. They are leaders in the organization or business owners and are responsible for the budget to protect data and own the liability.  Protection can come in multiple forms; training, agreements, anti-virus, software supported by a vendor, backup products, cybersecurity products, hardware warranties, power protection systems (battery backups), physical protections, policies, and insurance.  The laundry list of protections are all part of the responsibility of a data owner.  At the end of the day, the liability lies with the data owner or, as Jacko Willink states, “Extreme Ownership. Leaders must own everything in their world. There is no one else to blame." When an incident happens, resulting in either mitigation/recovery or loss in data/trust/brand loss is on the data owners. They hold access to the budget.

You may be thinking; yup data owner got it, but what about my internal IT staff or service provider; the ones paid to maintain/protect my data?  Why don’t they take a part of the responsibility pie?  They are the people that enjoy technology and live in it day to day.  Their role is the data custodian; a custodian is a person who has responsibility for or looks after something; in this case, your data.  These data custodians are the team that implements solutions that guard, protect, align to policies, and maintain the data and systems. They will also be your advisor for gaps in data protection and training. Ultimately, the data owner is responsible for asking for known and unknown gaps, understanding of the risks, assigning a budget for mitigation/reduction, and acceptance of risk if unable to address the gaps.

Data owners are the responsible parties to the budget to protect data and own the liability for its loss/business impact due to an incident. Their responsibility is to identify known or unknown gaps in protecting the business data, the risks, and the assignment of budget.  Data owners rely on the Data Custodians that look after and maintain their data and its systems.  The Custodians implement the safeguards, align with the business’s policies, sustain the business data/systems, and advise on known gaps.

Tags: Data, Security, Technology