O3.5 Integrate strict data minimization protocols into design

Practices

  • Design forms and digital interfaces that collect only essential information (e.g. under the GDPR, the General Data Protection Regulation).

  • Implement methods where direct identifiers are removed or replaced with pseudonyms.

  • Pseudonymized data might still be re-identifiable and should not be treated as anonymized without further scrutiny. It still requires access management, controlled processing environments, transaction protocols and a liability regime for misuse.

  • Periodically review data collection practices and storage to identify and eliminate unnecessary data, similar to practices in the California Consumer Privacy Act (CCPA).
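
The practices above can be sketched as an added example (not part of the original guidance): an allow-list drops non-essential form fields, a keyed HMAC replaces the direct identifier with a pseudonym, and a uniqueness check shows why the pseudonymized records still need protection. The field names, sample records and key are assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

# Assumption: the only fields this hypothetical form needs; all others are dropped.
ALLOWED_FIELDS = {"email", "postcode", "birth_year", "plan"}
DIRECT_IDENTIFIERS = {"email"}
QUASI_IDENTIFIERS = ("postcode", "birth_year")


def pseudonym(value: str, key: bytes) -> str:
    """Keyed pseudonym (HMAC-SHA256); it cannot be recomputed without the key."""
    normalized = value.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()


def minimize(record: dict, key: bytes) -> dict:
    """Keep allow-listed fields only and replace direct identifiers with a pseudonym."""
    out = {}
    for field in ALLOWED_FIELDS & record.keys():
        if field in DIRECT_IDENTIFIERS:
            out["subject_id"] = pseudonym(str(record[field]), key)
        else:
            out[field] = record[field]
    return out


def unique_combinations(records: list) -> list:
    """Quasi-identifier combinations held by exactly one record (k = 1)."""
    counts = Counter(tuple(r.get(q) for q in QUASI_IDENTIFIERS) for r in records)
    return [combo for combo, n in counts.items() if n == 1]


# Constructed sample submissions, not real data.
SAMPLE = [
    {"email": "Ana@example.com", "postcode": "1011", "birth_year": 1990,
     "plan": "basic", "phone": "555-0100"},
    {"email": "bo@example.com", "postcode": "1011", "birth_year": 1990,
     "plan": "pro", "phone": "555-0101"},
    {"email": "cy@example.com", "postcode": "9999", "birth_year": 1948,
     "plan": "pro", "ip": "192.0.2.7"},
]

if __name__ == "__main__":
    # Assumption: a real key lives in a separate, access-controlled store.
    key = b"constructed-demo-key"
    stored = [minimize(r, key) for r in SAMPLE]
    print(stored)
    print("singled out despite pseudonyms:", unique_combinations(stored))
```

The third record is the only one with its postcode and birth year, so it remains attributable to one person even though the e-mail address is gone.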

Resources
