What are good examples of Data Minimization?
- Notifying visitors that the purpose of collecting their biometric data as part of a fingerprint check at the entrance of a building is to prevent unauthorized persons from entering the premises.
- Allowing website visitors to opt in to future mailings and information (as opposed to opting out).
- Asking for emergency contact information in situations where there is potential for physical harm or other medical concerns.
- Properly deleting data per the organization’s stated retention policies once it reaches the end of its useful life. Note that this example applies to data in general, not just formal records.
What are examples of Data Minimization mistakes?
- An organization is looking to identify a Mr. John Q. Public about something (he is a creditor, a witness, a beneficiary, etc.). As it is a common name, the organization collects personal data on numerous potential JQPs until it homes in on the proper one. Instead of deleting all the information about the “wrong” JQPs, it keeps that information without realizing that it is over-retaining PII from people who are not directly relevant to the goal or intent.
- An online food delivery app collects your cell phone number in order to “aid in the delivery of your food, in the event there is a problem, or we need to contact you.” However, at the end of your transaction (once the food is delivered and paid for), the app keeps your cell number “for marketing purposes,” a new and unrelated use that was neither disclosed at the point of acquisition nor strictly required to deliver the service you requested.
- Using a generic form to ask all job applicants for personal data, such as health conditions, that is only applicable to certain manual or hazardous jobs, and not all roles.