Data ownership and responsibility has some newer terms since the 2018 refresh.
- Data Subject – the person who the information is about.
- Data Owner – the entity that collects/creates the PII and is legally responsible and accountable for protecting it and educating others about how to protect the data through dissemination of intellectual property rights documentation, policies and regulatory requirements, specific protective measures that are expected of custodians, and compliance requirements.
- Data Controller – same as data owner when a true data owner does not exist.
- Data Processor – typically an entity that works under the direction of the owner/controller, such as an IT department.
- Data Custodian – the role within the processing entity (IT department) that handles the data daily.
- Data Steward – a newer concept related to users of the data; those who use the data for the business purpose.