Most organisation share the common attitude that if they have captured the data, then they own it. This is not true. An organisation can never own the details of an individual. As already mentioned owning it, implies they have full control over that data, exactly like if they had ownership over a copyright to a book.
This is not the case. An organisation can never own the data of an individual. The conclusion is that they are the custodians of the data. An individual has entrusted the data when requested, to an organisation. There are certain implied trust issues most individuals assume when that data is provided. The main one being that the data they give will not be shared, sold or given to other organisations without their express permission (as covered by the Australian Privacy Act)
Another assumption is that the organisation will not tamper with, modify or misuse the data provided. Employees within the organisation will not access confidential data without the correct authorisation. It is assumed there are safeguards in place to protect that data.
Because of this, organisations should respect the data they are given. They are not entitled to sell this information to other organisations, provide copies freely or shared to any other organisation. They should also ensure correct security checks are in place protecting the data from theft as well as unauthorised access.