Privacy and Data Sensitivity What are the roles and responsibilities we need to know ? o Data Subject - an individual who is the subject of personal data o Data Owner - "Masters of all"; responsible for classification of data and hold legal rights and complete control over the data they create, or is created by others on their behalf; o Determine data's impact on the mission of the organization; Understand the replacement cost of the information (if it can be replaced); o Determine who has a need for the data and under what circumstances the data should be released; o Identify when data is inaccurate or no longer needed and should be destroyed o Data Controller - Determines the purpose(s) for which & the manner in which data is to be processed o Data Processor - "Managers of all" ; they process the data on behalf of the Data Controller o Adherence to appropriate and relevant data policy and data ownership guidelines o Ensuring accessibility to appropriate users, maintaining appropriate levels of dataset security o Dataset maintenance & documentation o Assurance of quality and validation of any additions to a dataset, including periodic audits to assure ongoing data integrity o Data Custodians - responsible for the safe custody, transport, storage of the data & implementation of business rules oAccess to the data is authorized and controlled oData stewards are identified for each data set oTechnical processes sustain data integrity oProcesses exist for data quality issue resolution in partnership with Data Stewards o Data Stewards - responsible for utilizing an organization's data governance processes to ensure fitness of data elements both the content and metadata. o Focus on processes, policies, guidelines & responsibilities for administering organizations' entire data in compliance with policy and/or regulatory obligations. oTechnical controls to safeguard data oChange management practices are applied in maintenance of the database/dataset oData content & changes can be audited o Data Protection Officer - mandatory role for all companies that collect or process EU citizens’ personal data, under Article 37 of GDPR. o Responsible for educating the company and its employees about compliance, training staff involved in data processing, and conducting regular security audits. o Also serve as the point of contact between the company and any Supervisory Authorities (SAs) that oversee activities related to data.