An IT administrator needs to ensure data retention standards are implemented on an enterprise application.
Which of the following describes the administrator ' s role?
Correct Answer: B
In Security+ governance terminology, the person who implements and operationalizes requirements like data retention standards on systems is typically acting as a data custodian. Data custodians are the individuals or teams responsible for the secure safekeeping and handling of information, carrying out the controls that protect data in day-to-day operations. The study guide explains that custodians do not set the business purpose for the data; instead, they are responsible for safeguarding it and enforcing the required protections when a controller/owner delegates those responsibilities .
By contrast, the data owner (or "data controller" in privacy-law terminology) is the role that determines why the data is processed and establishes expectations such as classification decisions and high-level handling requirements (which commonly include retention expectations as part of governance). Owners/controllers may delegate implementation tasks but remain accountable for decisions about the data . A data processor is usually a third-party service provider processing personal information on behalf of the controller-this does not fit the scenario because the IT administrator is an internal implementer rather than an outsourced processing entity . Finally, a privacy officer (or data protection officer) leads and coordinates organizational privacy efforts at a program level, ensuring privacy objectives are met, but they are not typically the role directly configuring enterprise applications to enforce retention standards .
This aligns with the SY0-701 governance model where policies define intent and standards define mandatory implementation requirements, while technical teams (custodians) put those requirements into practice .