← Back to principles

Data

Data ownership accountability

Statement

Data must have a defined owner responsible for ethical and compliant usage

What this means in practice

Every data set, entity, or domain concept has a named owner who is accountable for how it is collected, stored, processed, and shared. The owner has visibility over who accesses the data, approves new usage, and ensures that handling meets legal, regulatory, and ethical requirements. Unowned data is treated as technical debt and addressed accordingly.

Why this matters

Without clear ownership, data governance becomes fragmented. Compliance obligations such as GDPR, contractual data-handling terms, and sector-specific regulations require someone to be answerable. Ownership also prevents data from becoming orphaned, misunderstood, or misused over time. When data has meaning tied to a responsible party, quality and trust follow naturally.

Practices that meet this principle

  • Assign and document a data owner for every data set or domain entity

  • If applicable, Maintain a register of data ownership that is reviewed periodically

  • Require owner sign-off before granting new access or enabling new downstream usage

  • Ensure owners have tooling to monitor access patterns and flag anomalies

  • Include data ownership as a mandatory consideration in solution design and architecture reviews

  • Treat any data without a defined owner as a remediation item in technical debt tracking

Validation

A project meets this principle when:

  • Every data set has a documented owner with clear accountability

  • An approval process exists for granting access to or enabling new usage of data

  • OR:

  • No data set exists in the solution without a named owner