Email or username:

Password:

Forgot your password?
Em :official_verified:

Gentle Privacy and Security Reminder
for Organizations šŸ”’šŸ—‘:

One of the easiest way for your organization to not have data stolen in a data breach, is simply to not have this data.

One of the easiest way to save your organization future headaches and costs is to simply delete thoroughly the data you do not need anymore as soon as you do not need it anymore.

Whenever possible, it's even better to not collect it at all in the first place.

You might need to retain some data of course, but when an incident occurs, you will greatly reduce the harm, damage, and cost if you keep only the minimum data required.

You cannot be held accountable for the data you simply do not have.

Keep this in mind! āœ”ļøāœØ

#TinyPrivacyTip #Privacy #DataMinimization #DataDeletion

15 comments
loucovey

@Em0nM4stodon That kinda depends on the kind of business. The US Banking Secrecy Act requires all companies dealing with the transfer of money to keep PII for seven years. A similar law in the EU requires it be kept for 10 years, and Australia requires 99 years. In the US, PHI has to be kept for 6 years.

Em :official_verified:

@Loucovey

Indeed. This means that this data is still needed for 7 years. But it also means it can (and should) be deleted once it is no longer required to be retained.

For example, if the data is no longer needed, it should then be thoroughly deleted as soon as the legal retention period is over. Whether it is 7 years + 1 day, or 10 years + 1 day, or 99 years + 1 day.

Misuse Case

@Em0nM4stodon @Loucovey This is where security challenges and records management challenges overlap on the Venn diagram.

But data minimization is a good principle for addressing both.

gudenau

@Em0nM4stodon Yeah but if you collect all of the data breeches will be easier to detect from the larger transfers! /s

I wish people would get this through their heads, the less of anything you have the less issues you'll have from having it.

BrianKrebs

@Em0nM4stodon Amen. Or as I like to say, you don't have to protect what you don't collect! :)

Mad Alex

@Em0nM4stodon In German the principle is called Datensparsamkeit, literally data frugality.

Alexia :neocat_flag_trans:

@madalex @Em0nM4stodon

Just because it fits, we call the exact opposite of that "Datenkraken", or Data Krakens in English

Or well, we call the services that do the opposite Data Krakens, not the practice itself

JT the Artful :autism:

@Em0nM4stodon See also... customer credit card info. And names, birthdays, addresses, etc of people that AREN'T even buying services or goods from you!

Pisses me off that random websites want this info from people, and then proceed to have 'data breach accidents'. You deliberately collected this info that you didn't need from users. It WASN'T an accident.

(See also recipe websites, semi social websites, websites that force you to register just to see a free article...)

Go Up