Data Minimization: A Crucial Pillar of Cyber Security

Manatt Partner and Privacy and Data Security Leader wrote an article for Cyber Security: A Peer-Reviewed Journal about the importance of data minimization as a fundamental tool to mitigate cyber security risks.

With the average cost of a data breach exceeding $9 million in the U.S. last year, companies should take steps to reduce the amount of old and unnecessary data that can increase the cost of incident response, litigation, and daily business operations. Even if stored data does not hold any value for a company, criminals can profit from or inflict harm by stealing old but sensitive data, like a list of the Social Security numbers for employees dating back decades.

Data minimization offers a relatively simple way to improve cybersecurity, and regulators have increasingly promoted it as a way to protect individuals’ data privacy.

Luehr and Reilly outline proactive approaches organizations can take to analyze their existing records and eliminate unnecessary files that could pose a risk if breached:

  • Assemble an effective data governance committee representing different functions across an organization, including legal and compliance, HR, IT and security, marketing and communications, risk management, and separate business operations.
  • Launch a “data mapping” project and use new technology to identify and record where sensitive data currently resides and where it flows throughout an organization.
  • Begin the process of data minimization, which can take several forms, including:
    • Properly destroying data that is no longer needed
    • Anonymizing or de-identifying data to minimize the risk it poses in the case of a breach
    • Utilizing privacy-enhancing technology to minimize security risks
  • Re-evaluate data collection practices to ensure only necessary data is gathered and stored.

Subscribers of Cyber Security: A Peer-Reviewed Journal can read the full article.