Who Owns the Data?

With all of the data breaches and accusations of improper data usage in the news these days, the question of who owns data looms large. Understanding who owns which data is a complex question that can’t be answered quickly or easily.

First of all, we must differentiate between public data and private data. One could say that public data is in the open domain and available to everyone. But what makes data public? Is data you post on Facebook now public because it is available to anyone with a browser or the Facebook app? Well, probably not. It is available only to those you have shared the data with on Facebook. But when you put it up on Facebook, then you no longer exclusively own that data … Facebook likely owns it, too.

What about governmental data that is available freely online such as the data at and Well, you can grab that data and use it, but that doesn’t mean you own it, does it? You don’t control that data. If you think the data is wrong, you can change your copy of it but not the original.

Then there are all the data governance and privacy laws and regulations that impact who owns what and how it can be used. It can be difficult to fully understand what all of these laws mean and how and when they apply to you and your organization. This is especially important with General Data Protection Regulation (GDPR) going into effect this year (2018).

But let’s back it up a minute and think just about corporate data. It is not an uncommon question, when working on a new project or application, to ask, “Who owns this data?” That is an important question to have an answer for! But “owns” is probably not the best word choice.

In most cases, corporate data probably belongs to the company, and thus, the company is the owner. Each department within an organization ought to be the custodian of the data it generates and uses to conduct its business. Departments are the custodian because they are the ones who decide who has access to their data, must maintain the integrity of the data they use, and ensure that it is viable for making decisions and influencing executives.

Nevertheless, this answer provides only a partial answer to the question. You really need named individuals as custodians or stewards. These data stewards can be from the business unit or the IT group supporting the business unit. Generally speaking, if stewards are appointed in IT, they should probably not be application developers or DBAs but perhaps data analysts or higher-level IT managers. Application developers are responsible for writing code, and DBAs are responsible for the physical database structures and performance. There needs to be a professional in charge of the accuracy of the actual data in the databases—and a technician is not the best choice.

A good data steward knows the business inside and out, as well as the data used by the business on a daily basis. If you do not have data stewards assigned for all of your business-critical data, then data governance and compliance with regulations like GDPR can be difficult, if not impossible, to achieve.

Here are some things to consider as you approach your plans for establishing data ownership and stewardship:

Understand the data requirements of all current systems, those developed in-house and those you bought. Be sure that you know all of the data interdependencies of your applications and how one application can impact another.

Assess the quality of your existing data in all of your existing systems. It is probably worse than you think it is. Then work on methods and approaches to improve that quality. There are tools and services that can help here.

Redesign and re-engineer your systems if you uncover poor data quality in your current applications and databases. You might choose to change vendors, or re-platform or rehost applications with poor data quality. But if the old data is still required it must be cleansed before using it in the new system.

Work on methods to score the quality of data in your systems, and tie the performance and bonuses of your data stewards to the scores.

If you haven’t thought about data ownership lately—or ever—it is time to start. How does your organization approach data ownership and stewardship?