O3.5 Integrate strict data minimization protocols into design
Practices
Design forms and digital interfaces that collect only essential information (e.g. GDPR - General Data Protection Regulation).
Implement methods where direct identifiers are removed or replaced with pseudonyms.
Pseudonymized data might still be re-identifiable and should not be treated as anonomized without further scrutiny. It still requires access management, controlled processing enviroments, transaction protocols and a liability regime for misuse.
Periodically review data collection practices and storage to identify and eliminate unnecessary data, similar to practices in the California Consumer Privacy Act (CCPA).
Resources
Last updated