Who owns your information

The terms information governance, data governance, cloud storage, and information silos are frequently used today. Even though there are numerous approaches to dealing with the issues raised by all of the above, one issue persists. Who is the data owner? You’ll discover the who is frequently arbitrary and subject to alteration depending on particular circumstances. 

We have divided it into internal and external data, as well as the different ownership issues that could arise and advice on how to handle them. 

Internal 

It is not difficult to locate the information’s owners within the company. First, unless you have commitments to customers, the business normally controls the data you create. The information is also owned or managed by a responsible person group within your organisation. Management and ownership are quite different things. Working with the owner to ensure that everyone is aware of how the data is managed is vital once ownership has been established. Here are a few illustrations and suggestions for working with internal departments that may possess and administer the information. 

Legal 

It is typical for the legal department or general counsel to have a “keep everything” approach if they possess or administer the information. Check to see if the information needs to be maintained, and if not, apply your retention policies to it. A best practice is to have a lawyer or general counsel approve any holds, destruction, or disposition actions to make sure nothing is kept any longer than is necessary. 

Technology 

If the CIO or IT department owns or manages the information, it is highly likely that they are aware of its location but not its purpose, or they may not be in charge of managing the regular data flows. Their task will probably be to maintain the systems, repair damaged components, safeguard against attacks, and work on IT projects. One can help the IT department save on storage and reduce risk by deleting data that is no longer needed and archiving data that does not need to be on digital storage. 

Record Management 

The record management team frequently has control over the storage of physical records. They could be in charge of a record centre or collaborate with a third party who stores records. Knowing who has access to and ownership of the index or other metadata related to the records is crucial if they are the owners and managers. Retention best practices can be utilised to minimise risk, conserve space, and lower storage costs by working with facility operators and potentially IT since they are probably more concerned with access and space than retention or data management. 

External 

Owners of data and information may get much-needed respite from vendors who handle their data on an external basis. Using a vendor to keep your physical or digital data can frequently provide important benefits like saving space, lower storage costs, and improved security. The risk now shifts to the vendor, and if you are the owner of the information, it is your responsibility to make sure the vendor complies with the terms of the contract and industry best practices. 

Agreement 

A contract should have been put in place if you’re working with an outside provider. This contract should include information on the term, price, secrecy, liability limitations, assignment, and other important clauses. It’s critical to comprehend what the vendor considers to be your responsibility and what they consider to be their job. It is also crucial to comprehend the terms of the parties’ data ownership agreements. Ownership of the data, for instance, transfers if you don’t pay your bill. Does the vendor have permission to share your information with outside parties, too? 

Insurance 

It is crucial to confirm that a vendor has insurance to protect your information before you transfer risk to them. You should talk with your vendors about general liability, errors and omissions, and cyber insurance plans before sending them any information. Talk to outside insurance professionals as well to make sure you have the proper protection for your information and data. 

Notification 

It’s critical to know who will be informed when if something goes wrong. Who is notified is frequently specified in an agreement, but this information may change over time. The manner of notification may also be significant. Understanding what the vendor will do with notice in the event of a record loss, theft, or breach will enable you to take the appropriate action to ensure the situation is handled appropriately. 

Social 

Content shared on social media platforms is frequently not the property of the individual or group posting the material. Organizations should be aware of the social media businesses’ user agreements. Posting content on a website controlled by the organisation rather than a social media platform might be preferable.