With big data coming in full form to help Internet of Things (IoT) devices, companies are collecting more and more user data to help them create better products. In fact, some companies never delete user data, even if they are probably never going to use it. If you work in a tech company, we are sure you have never, ever heard your boss say – “Delete it.” Nobody deletes anything in the IT industry. Documents are versioned, and every version of them is kept safely on the company’s servers. In fact, Amazon’s CEO, Jeff Bezos was quoted saying, “We never throw away data.”
But, that’s just one part of the story. As the data increases at an exponential rate, companies need to get more servers, hire more staff to handle those servers and at the same time they have to make sure that all the data on their servers is secure, and it follows the guidelines set out by the government. This obviously increases costs, and it doesn’t make sense to pay for data that you are never going to use.
(Infographic Source: Datameer)
This is the reason organizations are finally realizing that when it comes to data, “less is more” approach can go a long way. Governments are also taking note of the fact that companies all over the world are collecting more user data than they actually need in the first place, and this violates user privacy.
The European Union has already introduced an amendment to the Data Protection Act and according to this amendment, “Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.”
And this is the very core purpose of data minimization
What is data minimization
Basically, data minimization means only collecting a part of the data which is required by the organization and relevant to it as well. There was a time when collecting a large quantity of data suddenly became easy, organizations were bombarded with a large amount of data and they decided to save it all.
But as the IoT grows, organizations have several other ways to collect various kinds of data, and that also includes users’ private data. The main reason why organizations are continuously saving data even though they are not currently using it is because they think this data might come in use in the future. Though the fact is, it is technically data hoarding, and it is already causing organizations a lot of money.
Organizations need to practice data minimization
Google already announced last year that it will be taking user privacy seriously by offering more personalized features and storing less user data on its servers. Apple also followed the lead and announced that it would not be storing user data on the cloud on iOS 9 and the subsequent iOS versions. Instead, the private user data would only be stored on the local machine.
As we mentioned, the major benefit of data minimization is lesser costs. After all, storing data costs a great deal. At the same time, storing less data also means the organizations are less prone to risks and breaches. If you are a rookie to regulations and compliances, then you should know that every company in a specific sector that stores user data online has to follow certain rules. And if they don’t, the government can file a case against them for breaching those regulations. For instance, companies in the health sector have to follow HIPAA and HITECH compliances.
But, what happens when an organization loses some of its data? Even though that data wasn’t useful for the company at all, they lose their reputation in the market, and they would also have to pay for data breach. According to a study conducted in 2009, the per-record cost of a data breach is $209. So basically, if a company loses 100,000 records of user data, then they would lose $20 million.
And with the new amendment in the European Union law, many European companies would now have to practice data minimization and make sure they are not collecting unnecessary user data.
Organizations all over the world now need to think carefully before storing data. They have to analyze and decide if the data they are collecting is useful right now or it would be useful in the next five years, and they also have to decide if lesser sensitive data could be collected instead. Governments slowly realize the power of data and their laws will only get tougher from here.
By Ritika Tiwari