This principle requires that agencies only collect information that is both directly relevant and necessary to meet their objectives. This is particularly relevant in the context of new and emerging data, which can frequently be considered Big Data. The agency should retain the information only as long as is necessary to meet its objectives. In addition, any personally identifiable or sensitive information should not be disclosed or shared, unless such uses are consistent with the purposes explicitly specified. Minimizing the amount of PII collected and the length of time it is stored can also reduce the severity of a data breach or other unintended data action, should one occur.
Transportation agencies often talk about collecting data once and using it many times; sometimes for some future unknown purpose. While this is efficient from a data acquisition perspective, it often means that agencies may collect more data elements than they might need for a specific purpose and keep it on hand longer than is necessary. This principle reminds agencies of the potential harm that could arise from collecting superfluous data, or retaining PII longer than necessary. If an agency collects more than necessary, this could lead others to believe the agency will use it in ways that have not been communicated.
An example of how data minimization might work in practice is to envision a wearable device, such as a patch, that can assess a consumer’s skin condition (FTC, 2015). The device does not need to collect precise geolocation information in order to work; however, the device manufacturer believes that such information might be useful for a future product feature that would enable users to find treatment options in their area. As part of a data minimization exercise, the FTC recommends that the company should consider whether it should wait to collect geolocation until after it begins to offer the new product feature, at which time it could disclose the new collection and seek consent. The company should also consider whether it could offer the same feature while collecting less information, such as by collecting zip code rather than precise geolocation. If the company does decide it needs the precise geolocation information, it should provide a prominent disclosure about its collection and use of this information, and obtain consumers’ expressed consent. Finally, it should establish reasonable retention limits for the data it does collect.
A model for this principle in practice is Virginia DOT. In 2008, VDOT implemented a Data Business Plan for the System Operations Directorate to “provide a framework for making decisions about what data to acquire, how to get it, and how to make sure it is providing value commensurate with its cost” (Vandervalk et al, 2012). This plan defines a framework of stakeholders and their responsibilities to safely and efficiently manage the data system. This includes data stewards, coordinators, architects, and custodians, as well as business owners and communities of interest. It also defines the roles and interaction within and among data services, data products, applications, business processes, business areas, and business objectives.
Principle Checklist:
- Does your agency collect information that could identify specific individuals or commercial firms: sensitive, PII, or otherwise?
- Is your agency clear about the specific data to be collected and used and the databases to which it might be linked?
- Could individuals or commercial firms be harmed if the information collected or used by your agency is not properly protected from loss?
- Does your state government mandate how long information can be stored?
- Does your agency have procedures to separately store or remove identifiers from data records once they are no longer needed?
- Does your agency have contracts in place to ensure that subcontractors provide an appropriate level of protection?
Answering these questions can help your agency understand if the principle of data minimization applies to your data collection and use activity, and identify possible actions or tools to aid implementation. If answers to these any of these questions are “yes”, then the principle of data minimization could apply to your agency.