Information Ownership

On this page:
Administrative (Business) Data Ownership
Data Custodians
Access to Business Data

Administrative (Business) Data Ownership

Business data collected, created at, or maintained within the Institute belong to the institution, not to any particular function, unit, or individual. Institute ownership prevails regardless of the:

• Form in which the data are stored: paper or electronic
• Storage location
  • central office file cabinets or drawers in departmental desks
  • enterprise servers, local workstations, laptops, mobile devices or removable media, mainframe disk farms, or floppy diskettes
• Transport method: courier, campus mail, the campus network, or a local office's network

Data Custodians

These data will often be organized into logical collections, for which a data custodian will be identified. It is the responsibility of the designated custodian of a particular data collection to ensure data integrity, security and accessibility to all who demonstrate need. The roles and responsibilities of custodians for computerized information must be clear and broadly understood. The responsibilities are complex, balancing the sometimes competing demands of daily operations, accessibility, privacy, legal constraints, and accuracy. Efforts to resolve complexities can lead individual custodians to differing interpretations of their roles. The differences may have frustrating results, especially for those who need to combine information from more than one data collection, as many departmental administrators do.

Identification of custodians must be explicit, but is increasingly complicated as offices share information and computerized databases. Resolving custody identification issues may impact current organizational forms. The Data Warehouse receives information from various MIT sources. This list is provided online here.

Access to Business Data

Protection of individual privacy rights and compliance with legal and fiduciary requirements mandate that the data are owned by the institution. For members of the Institute community to make informed and timely decisions, accurate versions of the Institute's business data that are relevant to their decision must be readily available to them.

Members of the Institute community who can demonstrate a need to use its business data for Institute business purposes should have access unless Institute policy prohibits it. Authorized access should be available in a medium and at a frequency that meets the receivers' business needs. The meaning of data should be clear to the user and consistent with definitions of related data. The data should be accurate and up to date.

Where to get what data should be readily discoverable to authorized members of the community, whether they are new employees or experienced individuals who have new information needs.

In turn, working with data custodians, members of the Institute community are responsible for ensuring that their uses of the business data of the Institute are consistent with the Institute's policy on data security and privacy.