The Universal Facts About How Data Responsibilities Work, In All Organisations – Part 1 of 5
Whilst I know many people have written articles on the topic of data responsibilities, in this series of posts I will present a slightly different and simpler spin on how responsibilities for data work in most organisations, plus a few pointers for things companies can do to make data management roles even more effective.
Please read my Disclaimer by clicking here.
The great thing is, working out who is responsible for data is extremely simple and is based on the fundamental way that any organisation works. "Data ownership" and related concepts make a lot more sense when they are understood in the context of established foundations of responsibility for data.
Even better than this is the fact that the basic responsibilities of anyone in relation to data are universally the same in all organisations. The way it works is so amazingly straightforward, in some ways it's astounding that the basic facts that apply to every company, anywhere in the world, are not more widely recognised.
So, in this post, I'm going to provide a very simple and clear explanation of how responsibility for data works in any organisation. In the following posts I'll then briefly touch on some other ownership structures before explaining how the data roles (owner, steward, custodian) can fit with the way that any organisation operates.
Whoever they are, they are responsible for capturing the data that they capture. If they decide not to fill in one of the mandatory fields, that's up to them. If they mis-spell something, that's not anyone else's fault.
Just think about this scenario for a moment. There’s no-one else who could possibly be held responsible for what they decide to do. The organisation that they work for may be able to provide them with better systems or forms, with validation that doesn't allow them to make some mistakes, and may provide them with more training and support; but ultimately, when it comes down to the action of capturing the data, it's their responsibility.
Expanding that out for a moment, the way in which they handle the data is their responsibility too. If they decide to take a copy out of the office and leave it somewhere insecure, or to send it to someone who shouldn't have access to it, they are responsible for that.
What about if they are given data by someone else? Maybe they've received a partially complete form and are using the data that they have been given to perform some calculations and are capturing more data in the rest of the form. Are they responsible for the data that they received?
No, clearly not. The person who captured the data before them was responsible for it when they captured it. However, from the point that someone receives data, they become responsible for what they do with it. If they spot that the data is inaccurate, then they can either choose to take that into consideration (and either contact the person they received it from, or log and escalate the issue, or seek to correct it somehow); or could decide to knowingly use the data, despite the fact that it's wrong. That decision is their responsibility.
This leads to a similar question: what about when they pass the data onto someone else?
At the point that they pass the data onto someone else, their decision to pass it on, who they are passing it onto and whether or not they notify the person (or system, or process, or whatever) that they are passing it onto of the shortcomings in the data, is up to them. It's their responsibility. Also, if there are specific ways in which the data should or should not be used, it's up to them to make that clear when they're passing it on.
Once the data is passed on somewhere else, it's no longer in their control. They cannot be held responsible for things that they don't do to the data, but they absolutely are responsible for everything that they did with the data when they had it, including capturing it, editing it, processing it, storing it, transferring it, deleting it, or passing it onto someone else.
So, we have now established the basic facts of data responsibilities at the lowest level. In summary, if you capture or process data, you are responsible for it while it is in your possession. Time to move up a level...
Please read my Disclaimer by clicking here.
The wonderful truth: establishing who is responsible for data is easy!
It's really common for organisations to struggle with concepts such as "data ownership", "data stewardship", "data custodianship" and the like. When these ideas are introduced, they are often met with resistance, especially when they are communicated as something "new" that need to be done in addition to people's "day jobs".The great thing is, working out who is responsible for data is extremely simple and is based on the fundamental way that any organisation works. "Data ownership" and related concepts make a lot more sense when they are understood in the context of established foundations of responsibility for data.
Even better than this is the fact that the basic responsibilities of anyone in relation to data are universally the same in all organisations. The way it works is so amazingly straightforward, in some ways it's astounding that the basic facts that apply to every company, anywhere in the world, are not more widely recognised.
So, in this post, I'm going to provide a very simple and clear explanation of how responsibility for data works in any organisation. In the following posts I'll then briefly touch on some other ownership structures before explaining how the data roles (owner, steward, custodian) can fit with the way that any organisation operates.
Starting at the bottom
When dealing at an individual level, responsibility for data is obvious. Let's say we're dealing with someone working in a call centre or in a shop or some other role that involves capturing data. They may have a hard copy paper form that they're filling in, or may be typing data directly into a system.Whoever they are, they are responsible for capturing the data that they capture. If they decide not to fill in one of the mandatory fields, that's up to them. If they mis-spell something, that's not anyone else's fault.
Just think about this scenario for a moment. There’s no-one else who could possibly be held responsible for what they decide to do. The organisation that they work for may be able to provide them with better systems or forms, with validation that doesn't allow them to make some mistakes, and may provide them with more training and support; but ultimately, when it comes down to the action of capturing the data, it's their responsibility.
Expanding that out for a moment, the way in which they handle the data is their responsibility too. If they decide to take a copy out of the office and leave it somewhere insecure, or to send it to someone who shouldn't have access to it, they are responsible for that.
What about if they are given data by someone else? Maybe they've received a partially complete form and are using the data that they have been given to perform some calculations and are capturing more data in the rest of the form. Are they responsible for the data that they received?
No, clearly not. The person who captured the data before them was responsible for it when they captured it. However, from the point that someone receives data, they become responsible for what they do with it. If they spot that the data is inaccurate, then they can either choose to take that into consideration (and either contact the person they received it from, or log and escalate the issue, or seek to correct it somehow); or could decide to knowingly use the data, despite the fact that it's wrong. That decision is their responsibility.
This leads to a similar question: what about when they pass the data onto someone else?
At the point that they pass the data onto someone else, their decision to pass it on, who they are passing it onto and whether or not they notify the person (or system, or process, or whatever) that they are passing it onto of the shortcomings in the data, is up to them. It's their responsibility. Also, if there are specific ways in which the data should or should not be used, it's up to them to make that clear when they're passing it on.
Once the data is passed on somewhere else, it's no longer in their control. They cannot be held responsible for things that they don't do to the data, but they absolutely are responsible for everything that they did with the data when they had it, including capturing it, editing it, processing it, storing it, transferring it, deleting it, or passing it onto someone else.
So, we have now established the basic facts of data responsibilities at the lowest level. In summary, if you capture or process data, you are responsible for it while it is in your possession. Time to move up a level...
Comments
Post a Comment