Data management and protection starter kit: Tip sheet 2: Data minimization
Data minimization is a privacy principle that requires the people collecting data to be intentional about what type of data is collected and how long it is retained. To meet this principle, teams should limit data collection to what is directly relevant and necessary to accomplish a specified purpose. In practice, this means assessing whether personally identifiable information (PII) must be a part of a data set and how long to keep data before disposing of it. Data minimization also refers to de-identification practices in which PII is stripped out of data sets before they are shared with others or made accessible to the public.