When bigger isn’t better: What is Data Minimization and why you should use it for quality data?
We often say that less is more, and in term of data collection, it seems to be the actual truth.
Even California tech giants and governments are beginning to understand the drawbacks of a “keep everything” approach.
Data minimization: What is it? And why you should use it?
Data minimization is the process of limiting the collection of personal information to that which is directly relevant to the business in question and necessary to achieve a specific purpose.
When companies first started to understand the importance of data, the watchword was to keep everything… and forever!
As global cloud computing and IoT continue to expand, companies face more and more ways to collect more and more data types, including private and sensible data. Decision-makers and analysts are then confronted with a flow of sometimes irrelevant information and becoming more and more challenging to process. This is infobesity.
But some recent legislation has forced companies to take action. The GPDR law says: “Personal data shall be adequate, relevant and not excessive concerning the purpose(s) for which they are processed.” Any personal information collected must be justified by the purpose the objective of your approach. The time when companies ask the age of the user and systematically collect the IP address is over.
The law doesn’t define “adequate, relevant and not excessive,” but in effect, it means collecting and keep only the minimum amount of personal data necessary to achieve your purpose. All of these principles are now known as “data minimization”.
In case some company decision-makers are still in favour of the “keep it all” method. It is now impossible to ignore the risks that these practices represent for companies and citizens. This costs money, time and can sometimes become very dangerous. Instead of a “save everything” approach, competent data managers are now adopting a data minimisation policy, keeping only relevant and necessary data. Even companies like Carrefour rely on only the last five weeks of data for their merchandising strategies.
How can companies take advantage of data minimization?
Benefit #1: You won’t be a gold mine for hackers.
Too much data carries significant risks. The consequences of data loss and the breach must be highly considered and prevented. A major leak of sensitive personal information can quickly destroy a business or even result in criminal charges for negligence. Imagine how stupid it would be to be charged for this kind of thing when you didn’t even need the data you lost in the first place!
Data theft affects over 25,000 companies in Europe. Several significant fines have been proposed under the GDPR for data breaches (a $99 million fine was levied against Marriott and a $230 million penalty against British Airways).
Benefit #2: Get the most of your data.
Too much information kills information. Analysts today get lost in the flow, and global data is growing at 61% per year. The traditional approach of “Everything is good to keep” leads to a lot of waste information that makes it very difficult to access relevant data when needed. This will result in biased elements and cause more complex decision making.
By working with less data, it will be easier for analysts to select the most relevant one.
Benefit #3: Be ahead of the game and anticipate future regulations.
This significant European legislative change has been in effect since May 25, 2018. No doubt that this part about minimizing the data collected has convinced companies to change their philosophy and think about the data needed before launching into a collection. It is often said that laws are ahead of minds, anticipating the selective collection of data will allow companies to react more to future regulations.
Time seems to prove the defenders of data minimization. Data collection is now primarily regulated in most countries, and the value of information is rapidly diminishing, so keeping it for further use is a dangerous path. Minimizing the amount of data collected by a company also reduces costs. Data storage is expensive, and no company has an infinite budget to collect and store data indefinitely.
With the implementation of the Data Protection Act, all companies that hold data on an EU citizen will have to adopt a standard operating procedure to minimize risk. But rather than a tedious new requirement, this procedure should benefit both the company and the people it aims to protect.
More to read :
About this article
This article has been written by a student on the Grenoble Ecole de Management’s Advanced Masters in Digital Strategy Management. As part of a content creation assignment, students are given the task of writing articles based on their digital interests and disseminate the articles online. Articles are marked but we make minimal changes to the content. Thanks for reading! James Barisic, Programme Director, MS DSM.
