Data Owner Roles and Responsibilities

Purpose

With the adoption of a cloud first technology approach, it becomes more important that the roles and responsibilities of Data Owners are clearly defined. The Coppin State University individual that maintains the relationship or initiated acquiring the cloud application is considered the data owner.

Roles and Responsibilities of Data Owners

The CSU Data Owners are responsible for the following support processes:

• Ensuring accuracy and integrity of the data, which includes the data being up-to-date, complete, relevant for its intended purpose, and is free or, errors and omissions.
• Establishing procedures to verify data accuracy and identify and correct any errors in a timely manner.
• Establishing procedures for security deleting Personally Identifiable Information (PII) data.
• Protecting the data against unauthorized access, theft, loss, or damage.
• Determining who has access to PII data, including ability to query through report writer and how it is used and authorizing access to the data.
• Performing periodic reviews to verify that access to PII data is still needed by individuals and vendors to complete assigned job duties.
• Establishing procedures for sharing and disclosing data and obtaining appropriate authorization, when required.
• Maintaining an inventory of the specific business processes (external and internal) and vendors that require PII data (e.g., SSN) which you are responsible for including the business rationale.
• Complying with laws and regulations related to data privacy and security, such as the Family Educational Rights and Privacy Act (FERPA), Gramm Leach Bliley (GLBA) Student Information Security Act and the Health Insurance Portability Accountability Act (HIPAA) and University System of Maryland Privacy requirements.
• Following established data retention policies and procedures.
• Ensuring data is disposed of in a secure and appropriate manner when it is no longer needed.
• Reporting any data breaches or potential compromises of data to the Coppin State University IT Privacy and Security Officer immediately upon discovery.
• Classifying the data according to its sensitivity and criticality.
• Participating in regular training on data best practices, technical updates, and other topics necessary to keep their skills up to date.

By fulfilling these responsibilities, data owners can help ensure that the university’s data is accurate, secure, and compliant with relevant regulations and policies.

Appendix A: Key Terms

Personally Identifiable Information: Any information that, taken alone or in combination with other information, enables the identification of an individual, including:

• a full name;
• a Social Security number;
• a driver's license number, state identification card number, or other individual identification number;
• a passport number;
• biometric information including an individual's physiological, biological, or behavioral characteristics, including an individual's deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity;
• geolocation data;
• Internet or other electronic network activity information, including browsing history, search history, and information regarding an individual's interaction with an Internet website, application, or advertisement; and
• a financial or other account number, a credit card number, or a debit card number that, in combination with any required security code, access code, or password, would permit access to an individual's account.
• “Personally identifiable information” does not include data rendered anonymous through the use of techniques, including obfuscation, delegation and redaction, and encryption, so that the individual is no longer identifiable.