Data Protection Roles and Responsibilities

Information Owner — The unit administrative head who is the decision-maker with respect to Information Assets owned by that unit in conducting University business. Except in cases where unit-level control would impede the general usage of information in the University’s mission of discovery, learning and engagement, an Information Owner has decision-making authority over the Information Assets used, managed or regularly accessed in the unit’s administrative functions. The Information Owner interprets and implements standards and procedures for access, availability and safeguarding of Information Assets. The Information Owner may delegate this responsibility to a Data Steward.

Data Steward — An individual assigned by an Information Owner to facilitate the interpretation and implementation of data policies, standards and procedures. The Data Steward works with Information Owners to ensure Information Assets are classified appropriately as it relates to their maintenance, use, protection and distribution. The Data Steward works with Security Officers to enforce the procedures.

Data User — Each individual who uses Information Assets as part of their assigned employment duties or functions complies with standards and procedures for access and protection of Information Assets.

IT Resource Owner - Any person, IT unit or department assigned to or otherwise providing the administrative and physical control and technical support of IT Resources, either on campus or otherwise using University resources, or providing the oversight of third-party hosted or managed IT Resources. The IT Resource Owner is responsible for complying with policies, standards, procedures in supporting IT Resources and ensuring safeguards protecting IT Resources and Information Assets.