1 of 1

O3.5 Integrate strict data minimization protocols into design

Practices

Design forms and digital interfaces that collect only essential information (e.g. GDPR - General Data Protection Regulation).
Implement methods where direct identifiers are removed or replaced with pseudonyms.
Pseudonymized data might still be re-identifiable and should not be treated as anonomized without further scrutiny. It still requires access management, controlled processing enviroments, transaction protocols and a liability regime for misuse.
Periodically review data collection practices and storage to identify and eliminate unnecessary data, similar to practices in the California Consumer Privacy Act (CCPA).

Resources

O3.5 Integrate strict data minimization protocols into design

O3 Ensure data privacy by design

SV 1 Digital distrust

RS1 Privacy Vulnerability

L2 Strategy and Design

Practices

Design forms and digital interfaces that collect only essential information (e.g. GDPR - General Data Protection Regulation).
Implement methods where direct identifiers are removed or replaced with pseudonyms.
Pseudonymized data might still be re-identifiable and should not be treated as anonomized without further scrutiny. It still requires access management, controlled processing enviroments, transaction protocols and a liability regime for misuse.
Periodically review data collection practices and storage to identify and eliminate unnecessary data, similar to practices in the California Consumer Privacy Act (CCPA).