← Back to principles
Data
Data ownership accountability
Statement
Data must have a defined owner responsible for ethical and compliant usage
What this means in practice
Every data set, entity, or domain concept has a named owner who is accountable for how it is collected, stored, processed, and shared. The owner has visibility over who accesses the data, approves new usage, and ensures that handling meets legal, regulatory, and ethical requirements. Unowned data is treated as technical debt and addressed accordingly.
Why this matters
Without clear ownership, data governance becomes fragmented. Compliance obligations such as GDPR, contractual data-handling terms, and sector-specific regulations require someone to be answerable. Ownership also prevents data from becoming orphaned, misunderstood, or misused over time. When data has meaning tied to a responsible party, quality and trust follow naturally.
Practices that meet this principle
Assign and document a data owner for every data set or domain entity
If applicable, Maintain a register of data ownership that is reviewed periodically
Require owner sign-off before granting new access or enabling new downstream usage
Ensure owners have tooling to monitor access patterns and flag anomalies
Include data ownership as a mandatory consideration in solution design and architecture reviews
Treat any data without a defined owner as a remediation item in technical debt tracking
Validation
A project meets this principle when:
Every data set has a documented owner with clear accountability
An approval process exists for granting access to or enabling new usage of data
OR:
No data set exists in the solution without a named owner