Data Lifecycle Management
The volume and complexity of digital data generated by companies and their customers are exploding rapidly. Companies recognize the competitive advantages that can be gained from better understanding their data and want to unlock the full value of it within their systems.
Regulations are mandating a data minimization strategy in place. However, in our experience, most companies are not clear on what data is needed and why. This over-accumulation of data is risky, expensive, and hinders Data Minimization as there is a lack of confidence in and understanding of the data to perform the required functions on it.
Setting up systems and processes to get full insight from data and effectively executing these plans are the newest frontiers in business strategy. Informed and efficient creation, consumption, and destruction form the crux of robust Data Minimization. A gap in knowledge of the intent and the use of the data is what leads to inefficacies in Data Minimization, the effectiveness of the latter depends on the effectiveness of the former.
What is Data Minimization
Data minimization is the practice of limiting the collection of personal information to what is needed for the intended purpose. Article 5(1)(c) of the GDPR states, “personal data shall be adequate, relevant and limited to what is necessary for relation to the purposes for which they are processed (data minimization).” Though not mandated under the California Consumer Privacy Act (CCPA), data minimization is a requirement under the California Privacy Rights Act (CPRA).
Embracing data minimization will save time, money and reduce risks for the organizations. Excessive data not only makes them vulnerable to privacy breaches but also makes it difficult to store and manage data. In 2019, the electronic payment company UAB Mister Tango was penalized by the Lithuanian State Data Protection Inspectorate (VDAI) for collecting excessive data and storing it longer than necessary. The case marked the first administrative fine in Lithuania for violation of GDPR, emphasizing the fact that data minimization requirements need to be met diligently.
Embracing data minimization, as one of the most important tools in the toolbox for privacy, shows an organization’s commitment to privacy. Companies do not utilize 90% of the data collected either due to technology limitations or feel the data is not appropriate for decision making. Companies need a clear understanding of data being used and not being used. Furthermore, the value of data diminishes with time. Deleting obsolete data on a regular basis will ensure the availability of current and accurate data for analytics.
Data Lifecycle Management involves making important decisions around data, beginning with its collection to its eventual deletion. Making these decisions requires having integrated information about the data from various sources, such as its purpose and its usage. Data Minimization in turn depends on these decisions and is often hampered when there is a gap in the knowledge and accuracy of the data leading to those decisions.
Our services like DataMap, Retention Mapping and RRS Report Mapping offer insight into the various business functions and enable you to make these informed decisions in the best interest of your company.
01. Data Map
The Data Map provides a comprehensive footprint of data and data-related processes across the organization. Track, manage and understand the data collected and stored across various company systems. Maintain access to key IG factors such as data storage (what data is stored where), data usage (its uses and purpose), and data access (who has access to what data)
02. Records Retention Schedule Mapping
Meru's Data Management Tool allows mapping of retention schedules directly to data sources in the DataMap, bridging the gap between the data and its regulatory requirements. Once mapped, it connects the dots between various pieces of information, facilitating analysis of data and giving a deeper understanding of the data to help make more informed decisions.
Mapping the retention to the DataMap integrates information from both, equipping the Data Minimization process. For example, to delete certain data, details like its use and last use, on which the retention period is dependent, can be tracked and obtained from the DataMap, while its retention period details can be obtained from the Retention Schedule.
03. Defensible Deletion
Our tool enables Data Minimization by providing the service to accurately locate and directly delete, manage, monitor, label, and categorize files saved in various document stores like SharePoint, OneDrive, etc.
Another available option in place of deletion is Data Anonymization, which is the removal of personally identifying information from the data collected and stored.
Our Data Lifecycle Management program spans the IG spectrum and seamlessly integrates the above services to provide accurate, reliable information that facilitates smooth functioning under Data Minimization
We also bring a wealth of consulting experience across different industry sectors to help our customers rapidly augment their Information Governance efforts. We have helped with assessments of the current state and benchmarking around Information Governance.
Benefits of Data Minimization
Compliance with Regulatory Requirements: Privacy regulations like GDPR and CPRA mandate the management and secure deletion of data, especially sensitive information. This has always been the case in heavily regulated sectors like Financial Services and Healthcare.
Reducing redundant, obsolete, and Trivial data (ROT): ROT data is constantly increasing and taking up space and time. Identifying and deleting redundant, obsolete, or trivial data generated routinely will help us to focus on data that matters.
Security and Costs: Timely disposal of unwanted data considerably improves the security posture of the company. It drives significant reductions in eDiscovery costs, storage, and licensing costs.
Find interesting topics and news related to Privacy and Information Governance.