Back to Menu
Connecting You To Opportunity
What can we help you find?
Search|Login|Sign Up
Back to Menu
  • Login
  • Sign Up

Quality Data Only: How to Apply Data Minimization to Your Business

By David Thomas, writer
Aug 17, 2018
Image Credit: NicoElNino/Shutterstock
> Technology

Excess data is a vulnerability for your business. Minimize your data to reduce the risk.

Data minimization has become an issue of great concern among information technology stakeholders. Between the European Union's General Data Protection Regulation and the growing liability of managing large volumes of data in one vulnerable database, businesses are taking a new look at the concept of data minimization.

In fact, data minimization, which involves optimizing data collection and processing workflows to gather and handle data only for explicit purposes, is a fundamental principle of GDPR. This approach allows businesses to collect highly actionable information and mitigate many of the security risks that accompany high-volume big data collection.

If you are considering how to apply data minimization to your business, you need a comprehensive implementation plan that includes these four key principles.

1. Narrow data collection

Determining what data is absolutely necessary is the first step in a successful data minimization strategy. Businesses must narrow their data-gathering techniques to the point where only the most valuable information, however a given business defines that, is collected for analysis. Moreover, for the data that is collected, it's critical to set strict parameters to control the number of privileged accounts that have access to that data. These parameters should be included in any actionable initiative centered on the methodology.

2. User verification and screening

Many bulk data collection workflows function on the assumption that the vast majority of users submit usable, relevant information that they own. In reality, this is not the case.

Many businesses, from startups to multinationals, unintentionally collect large amounts of dangerous data. It could be fraudulent or unconditioned, and thus generates risk for everyone involved simply by sitting in company servers. Strong data minimization plans create user verification and screening processes to weed out such data. For instance, a rideshare company with such tools in place would be able to catch an applicant with a violent criminal conviction attempting to submit someone else's personal details. With these initial assessment procedures in place, organizations will gather only usable information from verified sources.

3. Progressive data management

User data eventually goes stale, yet many organizations do not take this into account, which results in databases stuffed with unusable or incorrect information. This is a burden for not only the IT infrastructure but also the greater business, as it could negatively affect analysis. Data minimization plans with progressive evaluation protocols avoid these issues by working with users to update their data and cultivate databases optimized for actionability. This not only saves the business time and money in the long run, but continues to mitigate risk that inevitably comes as the amount of user data increases.

4. Strategic deletion

Strategic data erasure is a core component of the data minimization methodology. User information has a lifespan, and this has never been truer than in today's fast-moving digital marketplace. Businesses must consistently purge stale data from servers to ensure the information they access is truly valuable and does not pose a security threat. As a result, all data minimization plans should include deletion protocols.

While this is already a requirement for anyone who must comply with GDPR, it is important for even those businesses that may not have to adhere yet. Major steering decisions about a business should always include a discussion about the new types of data needed and any outdated types of information that no longer serve the organization.

Anytime you store data, you are vulnerable to breaches, unverified data and more. There's no way to eliminate those risks altogether. However, companies that pursue sound data minimization strategies can streamline information collection workflows, gather more valuable data and reduce the risk.

Want more advice for your business?
Get free tips from experts in our small business community.
This site is protected by reCAPTCHA. Google's Privacy Policy and Terms of Service apply.
David Thomas
David Thomas
See David Thomas's Profile
David Thomas is the CEO at Evident. He is an accomplished cybersecurity entrepreneur, having held key leadership roles at market pioneers Motorola, AirDefense, VeriSign, and SecureIT. He has a history of introducing innovative technologies, establishing them in the market, and driving growth - with each early-stage company emerging as the market leader. After being recruited by the Department of Defense at 14 years old, David has been at the forefront of cybersecurity, including firewalls as corporations began connecting to the Internet, web security as online shopping emerged, wireless security as Wi-Fi and smart-phones became ubiquitous, and security sensing networks as analytic technology became mainstream.
Like the article? Sign up for more great content.Join our communityAlready a member? Sign in.