the privacy guru
  • About
  • Speaking & Events
    • Speaking Events
    • Bring the Privacy Guru to Speak
    • Book a Privacy Salon
    • Book a One-On-One Session
  • Publications
    • Privacy Memes
    • Articles
    • E-Book: Privacy for Humans
  • Blog





Practice Data Minimization

On 03 Sep, 2019
Uncategorized
By : theprivacyguru
With 1 Comment
Views : 3167

data minimization

Even if you’re not a full-blown hoarder, it’s reasonable to assume that you have an attic, or a garage, or even just a junk drawer where all those things that don’t fit anywhere else, but you’re sure you’ll need someday, live. None of us are immune to accumulating ‘stuff’ that can become clutter. It’s a byproduct of consumption—of changing fashions, priorities, bodies, and budgets. But clutter can be a distraction, delay productivity and in some cases be dangerous. It can become a fire hazard, or a health and safety hazard. Think of the box of ‘household items/ misc’ you may have lugged from apartment to apartment and never unpacked. The trappings of life can drag us down emotionally and psychologically and the mere thought of parsing though the mess, organizing and ultimately parting with some of our belongings can be painful and overwhelming.

Data hoarding, too, presents its own set of anxieties and hazards for organizations. Data storage can be expensive. Staff and other resources are needed to ingest, digest, analyze and otherwise make sense of data.  Amassing data indiscriminately can make an organization susceptible to claims they are not processing data with a ‘lawful basis’. The accumulation of data, especially sensitive data and data maintained in unsecure legacy systems, can increase the risk data breaches and other security issues.

For the physical clutter in our lives, there’s a new patron saint of organizing: Marie Kondo, the bestselling author of The Life-changing Magic of Tidying Up, the star of Tidying Up with Marie Kondo, and the creator of the Konmari method—a system for bringing order to chaos and for purging possessions that don’t ‘spark joy.’ Her method has helped countless individuals consume more intentionally, and part with objects that are just taking up space.

In the data privacy world, Konmari has a kindred spirit in the concept of data minimization—not only an important requirement of the EU GDPR, but a principle that can be used to guide strategic decisions around data collection and use. For global companies, data minimization means limiting personal data collection, storage, and usage to data that is relevant, adequate, and necessary for carrying out the purpose for which the data is processed.

In this article, we’ll look at five ways to practice data minimization. Taking inspiration from the Konmari method, organizations can employ a ‘getting to less’ methodology through less data collection, less data use, less data sharing, and less data retention.

Collect Only What You Need

Just like you probably don’t need to collect every ‘collector’s edition’ that comes across a late night home shopping channel, organizations don’t need to collect every morsel of data on every individual customer. To get the most out of data collection—and to minimize risks of breaches, or collecting unverified data—organizations should develop standards around approved data sets tied to specific business purposes.  Anything that falls outside those parameters is just clutter—unneeded data gunking up the wheels and keeping an organization from being as efficient as it can be. Of course, there are exceptions to every rule. If there’s a business case to be made for data processing that falls outside the policies and operational guidance initially set, have a process in place for escalation, review and approval.

And what about big data you might ask – isn’t that diametrically opposed to the concept of data minimization? This will pose some challenges and will require discussions with your policy and data governance teams and data scientists. Big data doesn’t have to equate to mindless data maximization – legal obligations and best practices regarding transparency, notice, security and the scope of personal data required for AI, machine learning, IoT and other analytics programs still apply. In fact, the ICO recently published a post discussing  techniques organizations can use to comply with data minimization requirements in the AI context.

Keep it Clean

It’s amazing the kind of relief that can accompany tidying up the everyday mess of a home.  It can be the difference between having a room you have to hide from guests, to one that inspires creativity and togetherness. In data speak, having accurate, timely and reliable data lead to informed decisions and smart investments or making a huge mistake. Thoughtful data strategy, standardized policies and a mature culture and processes around data quality can help keep data sparking organizational joy in the form of increased efficiency and accurate business intelligence. Not only that, but unverified, outdated or inaccurate data can pose a security risk. Keeping data as clean as possible limits associated privacy and security risks.

Limit Data Sharing

Large organizations don’t just collect ‘stuff’ in the form of data itself. They also collect, so to speak, vendors—third parties who perform specific business functions. Limiting the number of vendors an organization employs, as well as establishing clear and intentional vetting processes, can decrease data clutter, as well as reduce the chance of breaches or improper data handling. The fewer vendors that come into contact with your data, the fewer points of potential failure exist in the data processing chain. Ask yourself this: do you really need three different vendors who provide email marketing, or analytics, or any other service? Take some time to scrutinize your existing vendor relationships. Consider putting a moratorium on engaging of new vendors until you’ve ‘cleaned house.’ When you do let a vendor go, properly offboard them by ensuring that data is no longer shared with or accessible after contract termination.

Change with the Times

Sure, when you were knocking down pins at your Tuesday night bowling match, your set of matching balls and shoes might have been possessions worth keeping. But times have changed. So, too, should organizational data management strategies. Organizations that practice progressive data management are those taking steps to limit data storage and formalizing data retention policies and operational practices. Of course, what data is useful changes over time. As your organization changes, and its priorities, business models and products and services develop, data management should, too. Ensuring your data management processes are agile, flexible and stay up to date makes for cleaner data, and cleaner data makes for better business insights. Changing with the times also means following best practices and industry trends such as considerations of data ethics as well as utility in the processing of data.

Don’t Get Too Attached

We all do it. Whether it’s to our ratty college sweatshirt, treasured books or collection of Pez dispensers, we let ourselves grow attached to things we probably don’t really need. We form sentimental attachment to things and it takes courage and mindfulness to create the piles of what items we should keep, repair, donate to charity, or simply throw away. The initial purge may be painful, but we can create a regimen that becomes a healthy habit over time.

So, too, with data.  Some of us are actually  more attached to certain kinds of data than we are to some physical artifacts. But more data doesn’t necessarily mean better data. And data loses value quickly. When data no longer serves a purpose, keeping it is just a liability. It’s the fire hazard in our attic—that pile old newspapers that is doing us no  good, but could become a huge problem if it lights. When data is no longer relevant, accurate or necessary, follow your data governance framework and data retention policy and pseudonymize, de-identify or delete it.

At the end of the day, data minimization is a good thing for  consumers. But it’s also a potential boon to organizations in the form of developing mature and successful privacy compliance and data governance programs. If those things don’t spark joy in the boardroom, what will?

 

 

 



Tags :   data governancedata minimizationKonmari methodMarie Kondoprivacy

Previous Post Next Post 

About The Author

theprivacyguru


Number of Posts : 130
All Posts by : theprivacyguru

Related Posts

  • Privacy for Humans

  • Companies Tout Privacy as a Business Advantage

  • Apple & ACLU: Privacy is Good for Business

  • Privacy Guru Podcast Recommendations for 2018

Comments ( 1 )

  • John Berard Sep 06 , 2019 at 9:39 pm / Reply

    It was a Jesuit priest who first properly framed data minimization for me in the context of the clothes hanging in my closet. “If you haven’t worn it in the last year,” he said, “it’s no longer yours.”


Leave a Comment

Before posting a comment, please read our Comment Policy

Click here to cancel reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>





  • Error

    Fans
  • 3896

    Followers
  • Subscribe

    RSS Feed

Recent Posts

  • The Privacy Field Needs More Diversity
  • Covid 19 -Ethical and Privacy Concerns
  • Celebrating International Women’s Day
  • These are a Few of My Favorite Podcasts on Privacy, Security and Technology
  • Building Trust in Data Protection and Compliance

Archives

  • August 2020
  • June 2020
  • March 2020
  • February 2020
  • December 2019
  • October 2019
  • September 2019
  • July 2019
  • June 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • January 2016
  • December 2015
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015
  • April 2015
  • March 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014

Categories

  • Uncategorized
The personal views expressed on The Privacy Guru blog are my own, not those of my employer. The information contained on the blog is not legal advice.

Phone: 415 713 0271 | Email: alexandra@theprivacyguru.com

© Copyright 2017 THEPRIVACYGURU. All Rights Reserved.    terms of use | privacy policy
Follow theprivacyguru on Pinterest Follow theprivacyguru on Instagram