- Data minimization means maintaining only data that is strictly necessary to fulfill a specific purpose.
- While the General Data Protection Regulation has not been enacted in the US, it may be, and companies would be wise to prepare.
- There are numerous financial and other benefits of minimizing the collection and storage of data by organizations, even absent regulations.
Data minimization has become an issue of great concern among information technology stakeholders. Between the European Union's General Data Protection Regulation (GDPR) and the growing liability of managing large volumes of data in one vulnerable database, businesses are taking a new look at the concept of data minimization.
In fact, data minimization, which involves optimizing data collection and processing workflows to gather and handle data only for explicit purposes, is a fundamental principle of GDPR. This approach allows businesses to collect highly actionable information and mitigate many of the security risks that accompany high-volume big data collection.
What best describes the concept of data minimization?
According to Trend Micro, it is limiting data collection to "only what is required to fulfill a specific purpose." An organization applying the concept of data minimization will perform any analysis using the least amount of data possible and will use data only for the purpose it was obtained.
If you are considering how to apply data minimization to your business, you need a comprehensive implementation plan that includes these four key principles.
1. Narrow data collection
Determining what data is absolutely necessary is the first step in a successful data minimization strategy. Businesses must narrow their data-gathering techniques to the point where only the most valuable information, however, a given business defines that, is collected for analysis. Moreover, for the data that is collected, it's critical to set strict parameters to control the number of privileged accounts that have access to that data. These parameters should be included in any actionable initiative centered on the methodology.
2. User verification and screening
Many bulk data collection workflows function on the assumption that the vast majority of users submit usable, relevant information that they own. In reality, this is not the case.
Many businesses, from startups to multinationals, unintentionally collect large amounts of dangerous data. It could be fraudulent or unconditioned, and thus generates risk for everyone involved simply by sitting in company servers. Strong data minimization plans create user verification and screening processes to weed out such data. For instance, a rideshare company with such tools in place would be able to catch an applicant with a violent criminal conviction attempting to submit someone else's personal details. With these initial assessment procedures in place, organizations will gather only usable information from verified sources.
3. Progressive data management
User data eventually goes stale, yet many organizations do not take this into account, which results in databases stuffed with unusable or incorrect information. This is a burden for not only the IT infrastructure but also the greater business as it could negatively affect analysis. Data minimization plans with progressive evaluation protocols avoid these issues by working with users to update their data and cultivate databases optimized for actionability. This not only saves the business time and money in the long run but continues to mitigate the risk that inevitably comes as the amount of user data increases.
4. Strategic deletion
Strategic data erasure is a core component of the data minimization methodology. User information has a lifespan, and this has never been more true than in today's fast-moving digital marketplace. Businesses must consistently purge stale data from servers to ensure the information they access is truly valuable and does not pose a security threat. As a result, all data minimization plans should include deletion protocols.
While this is already a requirement for anyone who must comply with GDPR, it is important for even those businesses that may not have to adhere yet. Major steering decisions about a business should always include a discussion about the new types of data needed and any outdated types of information that no longer serve the organization.
Anytime you store data, you are vulnerable to breaches, unverified data and more. There's no way to eliminate those risks altogether. However, companies that pursue sound data minimization strategies can streamline information collection workflows, gather more valuable data and reduce the risk.
What are the benefits of data minimization?
While many organizations are limiting data collection and storage as a response to GDPR requirements, the benefits of minimization go well beyond compliance. Specifically, companies are realizing the following:
- Reduced risk of data loss. The average data breach involves more than 25,000 records, and the cost per breached record in the U.S. is over $240. Keeping fewer records reduces the chances of a loss and the potential severity of any occurrence.
- More efficient data retrieval and storage. Management of data is simpler when there is less of it. Knowledge workers can spend less time hunting through archives and feel more confident that they are retrieving the most current data when minimization is being practiced in a well-disciplined manner.
- Faster responses to requests. It is easier to respond to requests when there is less stored data.
- Enhanced customer approval. Customers prefer to be asked for less personal data, and trust companies that provide assurances about what data is stored.
- Preparedness for future regulations. Companies enacting data minimization efforts now will be ahead of the game if future regulations similar to GDPR are passed in the future.