Somewhere along the road of technology integration into our daily business process, the role of information owner and data custodian become confused. Data only has value when there is meaning wrapped around it. The combination of data and meaning creates information. A business unit, and therefore business unit leadership, is the rightful owner of almost all, if not all of the information a business generates. The data owner is the person or entity for which the data has value. They are the ones who can open a spreadsheet and make sense of the rows and columns of numerical data. It's informational to them.
In contrast, the data custodian can't make heads or tails of most of the data they are asked to maintain. A spreadsheet of last month's sales numbers isn't any more valuable than next month's customer newsletter. It's just data to them. They are charged with making sure the data is secured and available to the owner when needed.
In many organizations, information owners have abdicated their responsibilities to manage and protect their information investments. They rely on IT to determine backup schedules, off-site rotations, disaster recovery, retention schedules, access controls and other things which impact the confidentiality, integrity and availability (CIA) of their information. In many cases the business unit leadership is markedly absent from any discussions or decision points regarding information CIA. They simply want to pass this on to IT to worry about as a "technical" issue.
By default, most IT organizations accepted this responsibility as they knew at some point data would be compromised and the business unit would look to them to fix it. Unfortunately, instead of pushing the responsibility back to the business unit to get involved in the process, they simply shouldered the burden and did what they thought was best.
If you take in a stray puppy and care for it, you might become attached to that puppy over the years. When the rightful owner comes back to claim it later, there could be some tension in those discussions. The same thing is happing with regards to our business information. IT has been caring for and feeding our data for years while the business units have largely neglected their responsibilities as information owners. IT has been doing the best they could with limited resources and knowledge of the constraints on the information.
Now under the gun due to regulatory environments, data owners are finding themselves on the hook and under scrutiny in regards to information security and privacy. Business unit leadership is suddenly very interested in what's happening with their information. They want to know the who, what, when, where, why and how.
We in IT need to embrace this newfound interest. Don't look at it as challenging your authority over the information. You never had any authority. It was an illusion. Take a deep breath and exhale a sigh of relief. No longer do you have all the responsibility with none of the authority. You can now provide recommendations to the business on appropriate safeguards but ultimately will take direction from them in regards to protecting their data. This is going to feel weird at first. Really weird…almost wrong. But trust me, in the end everyone will be happier and things will run smoothly when information owners and data custodians understand and embrace their roles in collaboration with each other.