O3.5 Integrate strict data minimization protocols into design

Principle

O3 Ensure data privacy by design

Risk

SV 1 Digital distrust

RS1 Privacy Vulnerability

Life Cycle Stage

L2 Strategy and Design

Practices

• Design forms and digital interfaces that collect only essential information (e.g. GDPR - General Data Protection Regulation).

• Implement methods where direct identifiers are removed or replaced with pseudonyms.

• Pseudonymized data might still be re-identifiable and should not be treated as anonomized without further scrutiny. It still requires access management, controlled processing enviroments, transaction protocols and a liability regime for misuse.

• Periodically review data collection practices and storage to identify and eliminate unnecessary data, similar to practices in the California Consumer Privacy Act (CCPA).

Resources

Case Study

( to come soon..)

References

International Association of Privacy Professionals (IAPP) Privacy International; Department of Homeland Security. Privacy Impact Assessments.