Distributed Data Management Policy.
Document Code No.: INF 8-10 (AEO)
Department/Issuing Agency: Office of Information Resource Management
Effective Date: June 15, 2007
Approved: Ron Sims
Type of Action: New
Signed document (PDF, 292 KB)
WHEREAS, King County data is a valuable asset, and
WHEREAS, when data resides within county information systems, an agency is deemed to own the data as the primary caretaker of the data, and who has - by policy, statute, or law - authority over and responsibility for the data, and
WHEREAS, when that data resides within a database that is managed by an information system, the data is managed by the security and access controls that govern that system, but when the data is distributed, decisions must be made regarding the availability and confidentially of the data in its modified environment, and the need for governance, security and control standards, and
WHEREAS, in some cases, when data that is distributed to another source system - a secondary information system, report, or record - ownership of and responsibility for that data rightfully transfers as well,
NOW, THEREFORE, I Ron Sims, King County Executive do hereby order and direct:
1. When data is distributed from an information system, the individual or agency that owns the data at the time it is distributed retains both the authority to define access rights and security controls over the data in its distributed state, and the responsibility to communicate and establish such controls and policies.
2. Unless governance of the data is altered, the data must be controlled in a manner similar to the way it is controlled within the originating information system. This includes control of the receiving system(s), digital documents, or paper reports, whether or not such items remain within an information processing center.
3. In some cases, knowledge that data exists may constitute access to the data itself. In such cases, the data owner shall apply the same standards and controls related to data structures and metadata that it does to the data.
4. In some cases, the transference of governance over the data constitutes a transfer or data ownership and control. In such cases, the agency/department/governance structure that receives the data has the rights to use the data and redistribute the data, while also maintaining the responsibility to comply with any policies, laws, and standards that govern the data.
5. If data moves from one information system to another, and the target system is governed by a different agency or department than the original, either the ownership and governance of the data transfers to the receiving agency, or there will be a governance or administrative structure overseeing the security, policies and management of the target system.
6. The originating data owner has the right to establish security and administrative policies regarding the secondary use of data by the target system and the users thereof. The receiving agency has the responsibility to comply with the policies in order to receive and use the data.
Dated this 5th day of June, 2007.
/s/ Ron Sims, King County Executive
ATTEST:
/s/ Sherril Huff, Director Designate
King County Records, Elections, and Licensing