There is an interesting role in many IT-driven data governance initiatives. The role is “data custodian”. It’s very strange that this role exists and that we spend time talking about it but it’s also very revealing that we do.
Basically, the definition of a “data custodian” is as follows (by example from Wikipedia): “… Data Custodians are responsible for the safe custody, transport, storage of the data and implementation of business rules…”.
The definition of “data custodian” is always made as distinct from the definition of “data owner” or “data steward” and this is critical to the definition. The distinction being made is between the person responsible for the data itself, and the person who is “just” responsible for something like the movement of the data, or perhaps the repository that the data is stored in.
The reference to “business rules” is a reference to rules defined by others and only “implemented” by the “data custodian”. This concept makes it clear that these are instructions that are followed and defining these rules is not the role of the “data custodian”.
So we have a role defined in many IT-driven data governance approaches that basically means “somebody not responsible for the data”. Data governance is a subset of governance, so one of the main reasons you implement a data governance framework is to determine who is responsible for the data. Having a clear and well defined role that ensures we know who isn’t responsible for the data seems like a strange place to start or to even include at all.
It gets worse. It also turns our “data custodian” isn’t a role at all. It’s actually a shorthand for a group of roles, typically assumed to be part of the IT department, that are all equally not responsible for the data itself. These roles might include data modellers, data architects, product owners, scrum masters, or any other roles that are clearly not responsible for the data itself.
If you are talking about data custodians in your data governance framework you are taking an IT-centric approach – you should remove the concept from your approach.
It would be better to focus on give accountability and responsibility for data – and then shifting budget and resources to reflect that accountability – rather than wasting time defining who isn’t responsible.
Most of the roles that are bundled into the definition of “data custodians” are better thought of as part of the approach for implementing “data services”. If you design and implementing data services, with clear service management, many problems about accountability will go away.