Data Ownership & Stewardship (RACI)
Who's accountable for each dataset vs who does the day-to-day work. Clear roles kill the 'whose problem is this?' paralysis.
Three-role model for data accountability: Owner (business accountability — usually VP/Director of a domain), Steward (domain expert responsible for quality, definitions, access decisions, day-to-day governance), Custodian (technical executor — platform engineer or DBA who executes access provisioning, backups, infrastructure). Owner is A in RACI; Steward is R; Custodian is R for execution.
RACI applied per responsibility: for each dataset, explicitly assign: (a) Schema changes — who approves? (b) Access grants — who approves? (c) Quality incidents — who investigates/remediates? (d) Business definitions — who decides? (e) Retention decisions — who sets policy? One Accountable per row. If nobody is Accountable, the column is a wish, not a policy.
Escalation paths: Steward handles 90% daily; escalates to Owner for policy exceptions, cross-domain disputes, access to restricted classifications. Owner escalates to Governance Council for strategy, cross-business-unit conflicts.
Embedding in tooling: modern catalogs (DataHub, Collibra, Atlan) enforce owner/steward fields as mandatory on datasets. Access tools (Snowflake, BigQuery, Okta+Immuta) route access requests to the Steward for approval — no Steward, no approval possible.
Federated model (scales): each business domain (Sales, Finance, Product) has its own Steward(s), reporting dotted-line into a central org. Central defines frameworks; domain owns execution. Opposite extremes — fully centralized (bottleneck) or fully decentralized (chaos) — both fail at scale.
Common dysfunctions: (i) 'everyone owns = no one owns' — collective ownership ≠ accountability; (ii) ownership by the IT team who built it — wrong: IT is custodian, Business is owner; (iii) steward assigned without bandwidth — becomes a title, not a function; (iv) ownership set once, never reviewed when the business reorganizes.
Grounded on https://www.dama.org/