The individual or entity that has legal rights and control over a data resource or an asset. They are responsible for defining the classification of the data, access controls, and ensuring appropriate protection mechanisms are in place to safeguard the integrity, confidentiality, and availability of the data.