Data Security Roles
Data owner is a business leader with overall responsibility for data.
- is usually the department head or business unit manager that has created or collected the dataset
- sets policies and guidelines for their datasets
- has final authority over a dataset
- is accountable for the data
- GDPR uses the term data controller
- from a cloud perspective, the cloud customer is usually the data owner
Data controller determines the reasons for processing personal information and directs the methods of processing that data.
Data protection officer (DPO) processes the personal data of staff, customers, providers, or any other individuals in compliance with applicable data protection rules.
Data steward handles the day-to-day data governance activities.
- carries out the data owner/controller’s intent
- is delegated responsibility by data owners/data controllers
- tasked with ensuring the data’s context and meaning are understood
- ensures the data is used properly
Data custodians are responsible for managing data and are the ones who actually store and process information.
- often are IT staff
- responsible for backup, security, and compliance issues
- do not have controller or steward responsibility
Data users work with information in their jobs on a daily basis.
- are analysts, customer reps, managers, and others who work with the data regularly
Data subjects are the individuals referred to in collected data.
Data processor is a service provider (third party) that processes information on behalf of a data controller (the organization).
- processing is anything that can be done to data
- e.g., copy, print, destroy, edit
- from an international law perspective, the cloud provider is a data processor
- does not necessarily have a direct relationship with the data owner