This material was developed with funding from the National Science Foundation
Data Roles
This work is licensed with a Creative Commons Attribution 4.0 International License
Information security operations is responsible for monitoring, detecting, investigating, and responding to cyberthreats. Data governance (also called data intelligence) consists of processes and tasks that staff perform within the organization. There are several distinct roles in the Information Security Management process to ensure that individuals and management clearly define and understand critical responsibilities in managing the organization’s information assets.
Introduction
Data Owner
Data Subject
Data Custodian
Data Controller
Data Processor
Data Steward
Quiz
Selection Criteria
Creates accountability and ensures that data will be continuously monitored for compliance
Focuses on defining policies (like retention or access policies) and standards that ensure alignment with compliance, legal, or contractual requirements
Helps to gain the trust of customers, partners, and management
As organizations strive to put the appropriate governance framework in place, redundancies are eliminated with a clear understanding of data ownership.
Shared
Restricted
Responsibilities
The data owner in an organization has the legal right and ability to create, change, restrict, or share any piece or set of data. This is also the individual with rights and responsibilities for that data.
What is Data Ownership?
The explicit assignment of owners to every data asset or system in the organization.
Who can be a Data Owner?
Individuals or teams who make decisions such as how the data is used, who has the right to access it, and who can edit it.
Who Owns the Data?
An organization owns the data it possesses, collects, builds, or manages. However, the question of ownership may involve legal, contractual, or compliance considerations.
Created
Registrar and student data
Treasurer and financial data
Vice President of Human Resources and employee data
Examples
Changed
Information Technology department team members
Application Development team members
Implements business rules
Safely stores, transports, and archives the organization’s data assets
The data custodian has technical control over an information asset.
System Administrators
System Engineers
Information Technology Specialists
Data Processing Specialist
Account Clerks
Human Resource Specialists
Medical Records/Healthcare Coordinator
Service provider acting on behalf of the organization
An employee or a third party that the data controller chooses to process the data. Processors act on behalf of the relevant controller and under his or her authority.
Data Processing
Cycle
The data processor oversees the data assets of individuals or of the organization throughout the four main stages of the data processing cycle: collection, input, processing, and output.
The design, creation, and implementation of data assets and systems that enable the organization to collect, update, process, maintain, and delete data assets. Data Processors do not have any responsibility or control over that data asset.
Collecting Data
Solving Problems
Ensures the quality of the data supports the organization’s goals and objectives
Collects, collates, and evaluates issues and problems with data
Collating Data
The Data Steward maintains data control in data governance and master data management initiatives on a day-to-day basis. This includes collecting, collating, and evaluating issues and problems with data.
Data Steward
Data Processing Specialist
Account Clerks
Human Resource Specialist
Medical Records/Healthcare Coordinator
A service provider acting on behalf of the organization to process data assets
Evaluating Data
Utilizes an organization's data governance processes, policies, guidelines, and responsibilities to administer all of the organization's data in compliance with policy and/or regulatory obligations.
Protects the privacy and rights of the data’s subject
Dictates how the data will be used by the organization
A bank (data controller) hires an IT services company (data processor) to store archived data. The bank still controls how and why the data is used and determines its retention period.
A brewery contracts a payroll company to pay employee wages. The brewery (data controller) determines when wages are paid, when raises are given, or when an employee is terminated. The payroll company is the data processor.
Data deletion request
The data controller dictates the procedures and purpose of data usage. Data controllers need to establish a legal precedent for collecting the data and create a privacy policy that outlines the purpose of data collection and the entities with whom the data is shared. Data controllers also need to take steps to secure data, such as encryption and pseudonymization, stability and uptime, backup and disaster recovery, and regular security testing.
Remove Data
Familiar with regulations and compliance laws
Knowledge of contractual requirements
Employees
Customers
Members
Buyers
Business Partners
A data subject is any individual who can be pinpointed, directly or indirectly, via an identifier such as a name, an ID number, location data, or via factors specific to the person’s physical, physiological, genetic, mental, economic, cultural, or social identity.
Social Engineering
Dictates how the data will be used by the organization
Creates accountability and ensures that data will be continuously monitored for compliance
Collects, collates, and evaluates issues and problems with data
Data Roles:
Drag and drop the data role to its responsibility
Safely stores, transports, and archives the organization’s data assets
Ensures the quality of data supports the organization’s goals and objectives