Appendix C: Data management roles
Data Originators have Original Classification Authority (OCA) to set the initial classification level of a piece of information they create in whole or in part. Only Data Trustees have the authority to revise a classification level.
Note: Data Originators do not have the authority to downgrade confidential information, since the protections required are usually the result of legal or contractual requirements.
The department, division, or other administrative unit manager that is directly responsible for the management and maintenance of the data stored on computer storage device or media.
Data Stewards are PCC staff having direct operational-level responsibility for information management. They are usually department managers or designated system analysts.
Data Stewards are responsible for providing a secure infrastructure in support of the data – including, but not limited to, providing physical security, backup and recovery processes, granting access privileges to system users as authorized by data trustees or their designees, and implementing and administering controls over the information.
Data Trustees are senior PCC officials (or their designees) who have planning and high-level responsibility for data within their functional areas and management responsibilities for defined segments of institutional data.
Data Trustees are ultimately responsible for the accuracy and protection of data in their areas. Responsibilities include assigning data stewards, participating in establishing standards, practices, and accountability.
Data users are individuals who need and use PCC data as part of their assigned duties or in fulfillment of assigned roles or functions within the PCC community. Individuals who are given access to sensitive data have a special position of trust and are responsible for protecting the security and integrity of those data and should exercise due care in using the institution’s accessing information systems and to protect files from unauthorized use, disclosure, alteration, or destruction. Each user is responsible for security, privacy, and control of their own data.