Data Minimization Examples

In our previous blog post on Data Minimization, we discussed what the key concepts are, why data minimization is so important to information governance, and how data minimization is a “must have” to properly comply with global privacy laws.  To help demonstrate good (and bad) practices regarding data minimization, we’ve gathered up a few real-world examples for you to consider.

What are good examples of Data Minimization?

  • Notifying visitors that the purpose of collecting their biometric data as part of a fingerprint check at the entrance of a building is to prevent unauthorized persons from entering the premises.
  • Allowing website visitors to opt in to future mailings and information (as opposed to opting out).
  • Asking for emergency contact information in situations where there is potential for physical harm or other medical concerns.
  • Properly deleting data per the organization’s stated retention policies, once it reaches the end of its useful life. Note this example applies to data in general, not just formal records.

What are examples of Data Minimization mistakes? 

  • An organization is looking to identify a Mr. John Q. Public about something (he is a creditor, he is a witness, he is a beneficiary, etc.). As it is a common name, the organization collects personal data on numerous potential JQPs until it homes in on the proper one. Instead of deleting all the information from the “wrong” JQPs, it keeps the data without realizing that it is over-retaining PII from people who are not directly relevant to the goal or intent.
  • An online food delivery app collects your cell phone number in order to “aid in the delivery of your food, in the event there is a problem, or we need to contact you.” However, at the end of your transaction (once the food is delivered and paid for), they maintain your cell number “for marketing purposes,” a new and unrelated use that was not disclosed at the point of acquisition, nor strictly required to deliver the service you requested.
  • Using a generic form to ask all job applicants for personal data, such as health conditions, that is only applicable to certain manual or hazardous jobs, and not all roles.

Additional Data Minimization Resources

Learn how other enterprises used AutoClassification to incorporate data minimization into their privacy efforts, read additional posts from our data minimization subject matter experts and view our on-demand webinar series on data minimization and data privacy:

ROT & Migration

Examine how AutoClassification can automate the tedious task of manually eliminating ROT and de-duping your enterprise’s data…
