Persona
responsable de la integridad, confidencialidad y disponibilidad de una cierta
información. Debe tener autoridad para especificar y exigir las medidas de
seguridad necesarias para cumplir con sus responsabilidades, pudiendo delegar
los aspectos operacionales en responsables de seguridad.
Persona
física, jurídica de naturaleza pública o privada y órgano administrativo que
decida sobre la finalidad, contenido y uso del tratamiento.
LEY ORGÁNICA
15/1999, de 13 de diciembre, de Protección de Datos de Carácter Personal.
Ley Orgánica
5/1992, de 29 de octubre, de Regulación del Tratamiento Automatizado de los
Datos de Carácter Personal. (Vigente hasta el 14 de enero de 2000)
(N) The organization that
has the final statutory and operational authority for specified information. [RFC4949:2007]
Individuos,
por lo general gerentes o directores, que tienen la responsabilidad de la
integridad, el uso y el reporte preciso de los datos computarizados.
[COBIT:2006]
Individuals, normally
managers or directors, who have responsibility for the integrity, accurate
reporting and use of computarised data. [COBIT:2006]
The authoritative head of
the respective college, school, or unit. The owner is responsible for the function
that is supported by the resource or for carrying out the program that uses the
resources. The owner of a collection of information is the person responsible
for the business results of that system or the business use of the information.
Where appropriate, ownership may be shared by managers of different
departments. The owner or his designated representatives are responsible for
and authorized to:
·
Approve
access and formally assign custody of an information resources asset.
·
Determine
the asset's value.
·
Specify
and establish data control requirements that provide security, and convey them
to users and custodians.
·
Specify
appropriate controls, based on risk assessment, to protect the state's
information resources from unauthorized modification, deletion, or disclosure.
Controls shall extend to information resources outsourced by the university.
·
Confirm
that controls are in place to ensure the accuracy, authenticity, and integrity
of data.
·
Confirm
compliance with applicable controls.
·
Assign
custody of information resources assets and provide appropriate authority to
implement security controls and procedures.
·
Review
access lists based on documented security risk management decisions.
http://www.utexas.edu/its/policies/glossary.html
A Data Owner is the entity
having responsibility and authority for the data.
http://www.sans.org/security-resources/glossary-of-terms/