A database is specialized to manage and handle data in a computer application system. Data can be stored in many forms, like text, symbols, digital, images, graphics, and even sound. Various sectors like government, public security, finance, medical, energy, business, taxation, transportation, social, education, corporate and other sectors have formed their own databases application systems to store large amounts of information in the database, to handle and use, in order to lead the society into this information era. With the advance in internet applications, databases have a greater role to play (Ji 2011).
Ji further goes on to say that while development of these database applications systems has brought about social development and progress, it has also created issues of security and privacy of the stored data. The potential safety hazards for large databases are great, owing to their universality. One example is a hospital database where illegal invasion leads to stealing of numerous patients’ private information.
Now the question is who owns this data? Who is responsible for it? Data ownership means both possession of and responsibility for the data. Ownership refers to power and control both. (Loshlin 2001).Telling the consumer that he "owns" his corporate data is very dangerous. If he tries to exercise his "rights" of ownership it could have disastrous repercussions on the enterprise and its data. The term "stewardship" is a better term to explain this. It involves a broader responsibility and here where the user must consider the consequences of changing "his" data (Scofield 1998).
What about medical data? Who owns it? There was never a doubt when it was about paper records. It was mainly the clinicians and insurers who owned the medical records. But with the development of electronic health information, it becomes problematic. The law gives patients the rights of privacy and access to their own records but federal and state laws do not give property rights to patients. Patients do not have the right to solely possess or destroy their original records (Hall & Schulman 2009)
With the enforcement of laws like Health Insurance Portability and Accountability Act (HIPAA) and requirements of Sarbanes Oxley (SOX) auditors, organizations are beginning to realize the importance of securing their data properly .First of all, the data is classified into private, company confidential, company restricted, and public. This classification of data is done by the owner. Here the owner is the director or head of the organization. For a financial organization it may be the CFO.
This data owner is responsible for setting up a policy so that only authorized people can access and see the data. The data owner must also determine who has access to the data; how the data should be kept secure, for how long the data must be retained, what the appropriate disposal methods are, and whether the data should be encrypted. (Woodbury 2007)
Privacy is a complicating issue. What information should remain private, and in what situations? Consider credit information. When someone applies for a credit card it is considered private information, although in order to receive that credit, a credit bureau is consulted. At that point, the fact that the credit card application has been taken is now added to the credit record.
Woodbury says that appropriate data ownership and data classification are key elements in an organization’s security policy. Without these, it will be difficult to implement a security policy. An organization, be it finance, medical, credit, or consumer related, will not be able to meet the regulatory and internal requirements regarding access control for its data, without this.
· Hall, M.A. and Schulman, K.A. (2009). Ownership of Medical Information. The Journal of the American Medical Association, 301 (12), p. 1282-1284.
· Ji, J. (2011). Security Issues with Databases [Online]. Available at:
[Accessed January 26 2013].
· Loshlin, D. (2001). Enterprise Knowledge Management: The Data Quality Approach. US: Academic Press.
· Scofield, M. (1998). Issues of Data Ownership [Online]. Available:
· [Accessed January 26 2013].
· Woodbury, C. (2007). The Importance of Data Classification and Ownership [Online]. Available:
[Accessed January 26 2013].
CTO at ITweetLive.com