Data minimization is the practice of collecting, storing, sharing, and retaining only the data that is genuinely necessary for a defined purpose. It matters because data that does not exist or is not retained cannot be exposed, stolen, or misused later.
What is Data Minimization?
Data minimization reduces unnecessary collection and retention of personal, sensitive, or operational information. It is both a privacy principle and a practical security control because smaller data footprints reduce exposure and governance burden.
What Data Minimization Commonly Affects
Common areas include web forms, analytics collection, retention schedules, access scopes, data exports, and internal workflows that accumulate unnecessary records.
Data Minimization vs. Data Retention
Data minimization focuses on limiting what is collected and kept in the first place. Data retention governs how long necessary data is kept.
Frequently Asked Questions
Why is data minimization good security practice?
Because fewer sensitive records reduce breach impact, lower governance complexity, and shrink the number of places critical data can be exposed.
Does data minimization conflict with analytics or business needs?
Not necessarily. It encourages teams to justify what is truly needed instead of collecting broadly by default.
Related Cybersecurity Terms
