Data Governance Job Descriptions - Data Owner
Data Owners are clinic officers having direct operational-level responsibility for the management of one or more types of data. Data Owners are assigned by the Data Trustee and are generally directors or managers.
Data Owner Responsibilities include:
- Interpreting and assuring compliance with Federal, State, and Clinic policies and regulations regarding the release of, responsible use of, and access to clinic data
- Assigning data classification labels using the clinic's data classification methodology
- Data Compilation - When data classified at varying levels is brought together as a data set to create information, the data owner must examine each data element and ensure that the data is classified at the level of the most secure data element in the set. For instance, if one data element is classified as Public and another is classified as Restricted, the entire data set must be classified as Restricted and secured accordingly
- Ensuring that there is a process that includes verifying and documenting any data or information shared between external agencies or departments. The data must be classified and protected according to agreed upon classification methodologies and data treatment requirements to avoid unintentional disclosure
- In conjunction with Information Security, ensure that confidential information, or information that could be used directly or indirectly to identify an individual, is protected
- Establishing any restrictions on downloading, exporting or remote access of data. This is normally done in conjunction with IT staff so that they can configure the security elements of the infrastructure to assist in preventing unauthorized access
- Work with Information Security to develop access criteria and guidelines for each classification label or level. As the level moves from Public to Restricted, the requirements for accessing the data also increase
- Authorize and recertify access to the data
- Ensure that individuals with visibility to Restricted data have completed required training and agreed to confidentiality statements
- Monitor data on a regular basis to ensure data quality