Data minimization can be a powerful – and seemingly simple – data security measure. The term refers to retaining the least amount of personal information necessary in order for an organization to function. Less information means that there is less that the organization needs to protect, and less opportunity for information to be lost or stolen.
In practice, data minimization requires organizations to fully understand where they collect information, why they collect information, and where it is stored. It also requires difficult decisions regarding what information the organization will likely need in the future from a business perspective, and what impact having limited consumer or employee records may have on potential legal disputes if they arise. For example, an organization that chooses to implement a 30 day or 60 day automatic “roll off” policy for employee email may not be able to identify email exchanges between an employee and a vendor that relate to a contract dispute that arises months later.
What to think about when designing a retention policy:
1. Do you systematically track all of the data fields that your organization collects from consumers and employees?
2. Do you systematically apply retention periods to each data field that you collect?
3. Do those retention periods reflect the current business needs, or estimates as to possible future business needs?
4. For a particular data field, what time period is typical in your industry and for the type of data at issue?
5. Should you attempt to anonymize (sometimes called de-identify) data after a certain amount of time?
6. If you do anonymize data, is your organization’s process of anonymization legally sufficient?
7. What data and documents are you legally required to retain, and for how long must they be retained?
8. If you decide to retain other data and documents, how does it increase or decrease your legal risk?
9. What additional data that, if collected, is your organization likely to need in the next 12 months?
10. What steps are taken to irrevocably destroy data that is no longer needed?
The following provides snapshot information concerning document retention policies.
>8,000 emails
Average size of employee inbox.1
|
16 million
Number of pages of Excel data files that could be on a 100GB hard drive.2
|
9 months - 18 months
Length of time identifying search history is kept by major search engines.3&4
|
“The indiscriminate collection of data violates the First Commandment of data hygiene: Thou shall not collect and hold onto personal information unnecessary to an identified purpose. Keeping data on the off-chance that it might prove useful is not consistent with privacy best practices.”
- FTC Chairwoman Edith Ramirez5
[1] Dave Troy, The Truth About Email: What’s A Normal Inbox? (April 5, 2013) https://pando.com/2013/04/05/the-truth-about-email-whats-a-normal-inbox/.
[2] See, Lexis Nexis, How Many Pages in a Gigabyte?, https://www.lexisnexis.com/applieddiscovery/lawlibrary/whitePapers/ADI_FS_PagesInAGigabyte.pdf.
[3] Another Step to Protect User Privacy, Google Official Blog, (September 8, 2008), https://googleblog.blogspot.com/2008/09/another-step-to-protect-user-privacy.html.
[4] Yahoo, Data Storage and Anonymization FAQ, https://policies.yahoo.com/us/en/yahoo/privacy/topics/datastorage/index.htm.
[5] Edith Ramirez, The Privacy Challenges of Big Data: A View From the Lifeguard’s Chair, Keynote Address Technology Policy Institute Aspen Forum, (August 19, 2013), https://www.ftc.gov/public-statements/2013/08/privacy-challenges-big-data-view-lifeguard%E2%80%99s-chair.
[View source.]
