Organizing Data Storage Key to Data Minimization, Privacy Experts Say
Having thorough and understandable guidelines for highly organized data storage is key in data minimization, which saves money in the long run, said a panel of privacy experts during a HaystackID webinar Wednesday on data minimization.
Sign up for a free preview to unlock the rest of this article
“Data minimization is trying to control how much data your organization is retaining,” said Tara Emory, legal technology lawyer at Covington and Burling. “You intentionally retain certain things, and you intentionally then also dispose of information that you don't need.”
Minimizing the amount of data stored can save a lot of legal hassle, said Esther Birnbaum, executive vice president of legal data intelligence at HaystackID. “From a corporate perspective, anything related to data minimization, the question is, ‘what do we have to do so we don't get fined or sued?’” she said.
This topic is being discussed more and more as “increasingly, you are seeing this concern about sensitive personal data,” said Peter Hyun, former acting chief of the FCC Enforcement Bureau.
Cybersecurity and information governance, like document retention and disposition, “were like those fruits and vegetables that we always knew that we should be eating every day” for healthy data hygiene, but it was low priority the past several decades, said Chris Wall, HaystackID data protection officer. But now with the GDPR and all the state privacy laws, that has changed, “so when we look at ourselves in the mirror in 2025 it becomes abundantly clear just how important it was for us to have been eating all of that leafy cybersecurity and fiber-rich [information governance] for the last 20 years, and privacy is the catalyst. It's the cholesterol of the information governance world.”
“Now that our data hygiene is called into question because of these privacy regulations, we need to take a hard look in the mirror and examine our data hygiene,” Wall continued.
An essential component in data hygiene is having a strong way to organize data, Emory said. “An organization needs to know its data, know what its legal requirements are, but also look where its other risks arise and deal with all of its data in a responsible and operationalized way,” she said. “You don't want to just do a little cleanup here and there. You want to have an entire program built around managing your data.”
The less data stored, the better in the instance of a breach, said Emory, especially in the wake of AI tools. “Really locking down all of your security is becoming so much more important now, where you may have a chatbot gathering all kinds of information from around the company and just telling any employee who didn't even know they were asking for it about what's in those documents,” she said.
Additionally, “the more data you have, the harder it is to stay in compliance,” Birnbaum said. “The harder it is to respond to requests to obfuscate or erase data.” Wall agreed, and said there are more costs, in both time in money, with staying compliant when excessive amounts of data are stored.
Having a thorough organizational system can also help explain why the information retained is necessary to keep, Emory said. “You should be able to show why this type of information is important,” she said.
A privacy panel hosted by Exterro on Feb. 19 also emphasized that minimizing the amount of data collected and stored can diminish the risk of data breach litigation and reduce storage costs (see 2502190062).