Data Minimization is the “New Black”

Data Minimization is the “New Black”

I was recently asked by my friends at Relativity to submit a prediction for a New Year’s webinar and here was my prognostication:

2019 will be the year that “data minimization” finally becomes in vogue. The combination of privacy (GDPR, CCPA, etc.) and cyber (23 NYCRR 500) regulations means the calculus for retaining data has evolved - since the risk of loss is now more certain than ever. ...The “realized value” of information will become the new standard.

Given what it means to be “in vogue” - data minimization has the potential to become the “new black” in 2019 due to the ascendancy of data privacy as an emerging right (particularly here in the states). I won’t recite the litany of country specific regulations (like the GDPR and impending CCPA), but instead will report from technology leaders like Apple’s Tim Cook:

In 2019, it’s time to stand up for the right to privacy—yours, mine, all of ours. Consumers shouldn’t have to tolerate another year of companies irresponsibly amassing huge user profiles, data breaches that seem out of control and the vanishing ability to control our own digital lives. That’s why I and others are calling on the U.S. Congress to pass comprehensive federal privacy legislation—… I laid out four principles that I believe should guide legislation: First, the right to have personal data minimized.

This “minimization” call to action has been heard by at least some progressive, privacy-oriented legislators:

"We must pass laws that require data minimization, ensuring companies do not keep sensitive data that they no longer need.” -Sen. Mark Warner D-Va, cofounder of the Cybersecurity Caucus (12/6/18)

While a nationwide legislative framework isn’t without any number of challenges, some state-specific regulations already address the issue head-on. For example, the New York Cybersecurity Regulations explicitly require data minimization as a key part of the regulatory scheme.

Section 500.13 Limitations on Data Retention. As part of its cybersecurity program, each Covered Entity shall include policies and procedures for the secure disposal on a periodic basis of any Nonpublic Information identified in section 500.01(g)(2)-(3) of this Part that is no longer necessary for business operations or for other legitimate business purposes of the Covered Entity, except where such information is otherwise required to be retained by law or regulation, or where targeted disposal is not reasonably feasible due to the manner in which the information is maintained.

The use of technology to combat the privacy incursions (that technology has ironically created) is an obvious fix. This too was noted by Tim Cook:

This problem is solvable—it isn’t too big, too challenging or too late. Innovation, breakthrough ideas and great features can go hand in hand with user privacy—and they must. Realizing technology’s potential depends on it.

As notions of data minimization become a “must have,” there are broadly two ways to solve the proliferation problem. The first is the type of data clean-up that is a core element of a mature information governance program. File analysis software provides this clean-up functionality as table stakes, either as part of ROT (redundant, obsolete or trivial) elimination or as a precursor to a data migration.  

To finish the article, click here.

Yana Cheredina

Vice President Information Technology at Devox Software

9mo

Dean, thanks for sharing!

Like
Reply

To view or add a comment, sign in

Insights from the community

Explore topics