Guest post: Debbie Reynolds on the significance of Data Minimization
Updated: Mar 3
At the Data Collaboration Alliance our mission is to support technologies and frameworks that advance the ability to control data in order to support Collaborative Intelligence outcomes.
While the shift from data choas to data control will not happen overnight there are many steps that organizations can take in order to mitigate the risks associated with data copies and proliferation.
Collectively, these steps are described as "Data Minimization" and in this Community Voices video we hear from data privacy expert and Node Zero community member Debbie Reynolds about some of the best practices involved.
Node Zero community
Node Zero is our free community of data-centric problem-solvers who join forces to collaborate on datasets and free tools in support of their fellow professionals and our research partners.
About Community Voices
Community Voices provides an outlet for our members to share what they have learned with the great World.
Debbie: Today. I want to talk about data minimization is one of my favorite topics because I feel like this is something that any organization can do whether it be done with technology or all analog ways that people used to do things.
So data minimization is part of a framework. Call privacy by design and privacy by design was invented by a Canadian.
Her name is Dr. Anne Cavoukian and privacy by design is an international standard and a framework that's been translated into over 40 languages over the last 20 years. So data minimization is important because it not only. Tenant of privacy by design, but it's actually one of the most useful ways that organizations can minimize their risk of handling data in terms of data, privacy, laws, regulations, and the rights of individuals.
So some things that people can do to improve. Data privacy by design and data minimization will be first of all, think about what is the purpose that you're collecting the data. So you don't want to over collect information, especially if you feel like either this information will be a higher risk for the organization or something that may not truly be needed at a business process down the line.
So. First step that I would recommend that organizations take another step that I recommend that organizations take within enterprises is to minimize the number of people that have access to data that is subject to data, privacy regulations. So you only want people to have access to the data that need to have access.
So that way you're minimizing your risks within the organization of running a foul of data privacy, regular.
Also within organizations is very important for businesses to find ways to minimize the duplication of information. Let's say we have one business. That has sensitive information in it that may be subject to data privacy regulations.
If that information is being duplicated or replicated within the organization, it just duplicates and replicates your risk of handling that data. So being able to minimize the copies and minimize the number of people they're looking at will greatly minimize your risks when you're handling data. Then lastly, one thing I recommend people do is make sure.
Again, that organizations pie their data to a purpose. So if you're tying data to a purpose, once the business purpose is done, you should delete the data. Get rid of the data, find some way that you've re returned the data to the individual.
So, This is a harder thing for organizations to do because they traditionally have not done this.
And it's not as easy as saying, you know, every year or every two years, let's delete all data that we have since X. So it really is tying the data to a business purpose and figuring out within an organization.
What is the trigger that will let us know that we need to really delete this? Data minimization can serve organizations through every step of a data process.
And I think it's something that. Corporations and organizations need to look at very closely