Less is More – Data Minimization and Cyber Risk Management

Data minimization, which refers to the practice of limiting the collection and retention of information to that which is directly relevant and necessary for a specified purpose, can be an effective cyber risk management practice. This is because the less personal information an organization collects and retains, the less personal information will be vulnerable to data security incidents and the less effort (and cost) will be required to safeguard the personal information or respond to data security incidents.

For legal compliance and cyber risk management purposes, Canadian organizations should establish and implement written policies and procedures that comply with data minimization requirements. In particular, organizations should collect personal information only when necessary for legitimate business purposes, and should securely dispose of, or effectively de-identify, collected personal information when it is no longer required for the relevant purposes.

To read more, click here.

This content has been updated on September 3, 2017 at 22 h 25 min.