Data governance – the differcne between owners and custodians

The concepts of data ownership and custodianship seem to be a constant source of confusion, conversation, and chronic ulcers, spawning questions such as How are they different?  How do we tell them apart?  Where do their responsibilities lie?  What is different about their interactions with the data? And so on.

In truth, they are really quite straightforward, when approached simply.  Following, is the illustrated version.  Those in a hurry, can simply click here.

I have a little girl with an impressive name: Dorothea Adelaide Theresa Aspidistrasa – DATA for short.  As her mother, I think I can safely claim ownership of little Data.  Yes, I definitely own Data.  Unfortunately, the law said that when Data started school, I was obliged to give her into her teacher’s custody for the day. 

However, I had a few rules that Data’s daily custodian needed to know and follow if I was to entrust her with my precious Data. 

And let’s be clear about this: nobody – but nobody – is allowed to make any rules governing Data’s appearance and behaviour but me, unless I say so.  And even then, they still have to run them past me; imagine how my child would turn out if every Tom, Rick and Sally made up random rules for her as they went along?!  Not in this lifetime, they don’t!!  But I digress.

These are the rules I gave Data’s teacher, Miss Custeau D. Airn:

  1. No part of Data might be changed whilst she was at school so they couldn’t cut her hair, for example, or graft on another ear.  (Ha! You laugh!  My neighbours are so lax that their poor child had acquired three extra eyes and lost all his names before first break.  But that’s modern parenting for you…).
  2. Data was not allowed to be taken or sent anywhere I didn’t know about, and give express permission for. Nor was anybody other than Miss Custeau D. Airn allowed any access to Data, unless I had given permission.
  3. Data was allowed to be combined with the other children for playgroups, reading rings etc, provided this didn’t change her in any way (see rule 1).
  4.   Miss Custeau D Airn was allowed to change any aspect of Data’s appearance that was not an integral part of her, so that she might seem to be a different child to the rest of the world. For example, she was free to change Data’s dress for reading ring, her shoes for maths lines, the colour of her socks for playgroup, etc.  Obviously, rule 1 still applied, so Data’s hair, ears and freckles would remain untouched and intact.
  5. Miss Custeau D Airn had an obligation to ensure that Data was kept clean at all times.  (Data is so difficult about being cleaned, that preventing her from getting dirty in the first place is the path of least resistance.  She can be such a stubborn little thing).
  6. Finally, Miss Custeau D Airn was charged with protecting Data from damage or change for as long as Data was in her custody, so that when I (her owner mother) collected her at the end of the day, she was in exactly the same condition as when I left her that morning, except perhaps a teeny bit older.

And boy oh boy, did Data love school!  She met so many children, made lots of friends, joined up with others in so many interesting ways for reading ring, and maths lines, and sports houses and even as the back of the horse in the school play – even I didn’t recognise my little Data in that instance: she looked so different!  Miss Custeau D Airn was very sweet, and fond of all her little charges.  And she kept every one of my rules.
Until last month.

“Mrs Aspidistrasa! Data has been voted as chief-paintbrush-disher-outer in art class, but doing this will mean getting covered in purple paint.  As this breaks rule 6, what should I do?”

This posed a bit of a dilemma for me, as Data’s owner mother (I really must stop doing that!) because it meant if I allowed Data to take on this new role, I would have to change one of my rules.  But why should I change my rules to suit others?  They’re MY rules, just like she’s MY Data!

The answer was clear: without a coat of purple paint, Data would be useless to her classmates, and all the others that had come to depend on her for so many things.  And really, other than my personal dislike of purple paint, was there any good reason why Data shouldn’t be covered in purple paint if that was what was needed?

And so it was, at the urging of Miss Custeau D Airn, that I changed the rule about Data remaining completely unchanged whilst in Miss Custeau D. Airn’s care.  Henceforth, Data was allowed to be covered in purple paint, but only when acting as chief-paintbrush-disher-outer in art class.  And no pink paint. I hate pink.

And so ends my happy tale, but in summary, this is what you need to know:

  • Owners – and only owners – set the rules regarding what may happen to their data. They may consider input from others, but the final decision is theirs.
  • Custodians have a duty of care to uphold and enforce the application of the rules that the owner has set. They may not create new rules, modify existing ones, or ignore any.
  • Owners dictate what their data will look like (its attributes and their values), where it will reside (system, database, etc), who may access it (which people, systems and processes) and the degree of access they have (create, read, update, delete), and how often it may be changed (if ever).
    In addition, the owner may specify the purposes for which the data may be used (particularly important in a regulatory environment), where it may go (any systems through which it may pass, and where copies may be stored), the conditions under which it may be accessed and/or changed, and any exceptions to these stipulations.
  • Custodians ensure that the data remains intact, that its source remains constant, and that all access is controlled in accordance with the owner’s stipulations.
  • Ultimately, it is the owner who bears full and final responsibility for the data, and it is the owner – not the custodian – who is held liable when things go wrong.
    The relationship with the custodian is based on an immense degree of trust, but it is nonetheless up to the owner to ensure that the custodian doesn’t violate that trust by failing in the dispensation of his or her duties.
  • Typically, the custodian is the “face” of the data, the go-to person, and the voice of both the owner and the data’s stakeholders. In addition, the custodian is often the primary communication channel between the owner and stakeholders, ensuring that the voices of all interested parties are heard and understood by the others.

6 thoughts on “Data governance – the differcne between owners and custodians

  1. Great story… and that, dare I say, is the IT goal. Now for a storyline along business lines, like I Data must be kept clean in order not fall prey to germs

    1. I’m still trying to come up with one 🙂
      One of the biggest obstacles to understanding why data quality is necessary lies in the disregard that business shows towards data assets. In my experience, data capture is entrusted to clerks, call-centre agents and other junior staff – often with the most rudimentary training (if any) – who are then typically measured on how many records they capture, and quality be hanged. There is an expectation that quality is a given, and that quantity presupposes an equivalent measure of quality.
      Unfortunately, I have yet to encounter a data capturer that understands what the data means to the business, why it is important, where it fits into business processes, and therefore why quality is important (or even what it is).
      Until such time as business realises that their janitors are not best qualified to perform open heart surgery, the germs will flourish. Hmm. Perhaps that’s my story…

    1. 🙂
      I think it largely depends on the data governance structure within the organisation.
      In some companies (usually those that think data governance exists only in Star Trek), the data stewards are about as important as class captains – pretty close to the bottom of the food chain, with very little real authority. Sometimes, they’re more like the prefects: in charge when nobody else is around, but not allowed to do very much.
      In companies that take are trying to implement data governance but that don’t understand it very well, the stewards may be likened to the school librarian: responsible for cataloguing, labelling, tracking and stamping due dates, but no control over anything or anyone outside of the library itself. Or, they may be a bit like the school nurse – outside the immediate data management structure, but nonetheless responsible for the continued health and healing of sick data. Very occasionally, you may find a data steward in charge – like a headmaster – but still governed by the whims of parents and others alike, and only in charge of the Data as long as she remains on the school premises.
      I think that in an ideal world, the data steward would be the Minister for Children, who writes the laws and policies governing what both parents and teachers may do with Data, within what parameters they may act, and the consequences of breaching any of these statutes. What say you?

    1. I disagree: It’s true that the same person may fulfil the roles of steward and owner or custodian, but the roles remain separate. Further, the role of steward supersedes both owner and custodian roles, so the steward doesn’t act on either of their behalves: s/he acts on behalf of the enterprise.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.