The concept of data minimization has been validated in the Kenyan context by the Data Protection Act 2019. The concept mainly applies to data collectors but can also apply to individual information sharing.
The Data Protection Act of 2019
The data Minimization concept provides that a data collector should limit his collection of personal information to only what is adequate, relevant and necessary to accomplish a specified task. The Data Protection Act 2019 section 25 provides for principles of data protection; Section 25(c, d, and g) states that; personal data collected should be
- c) collected for explicit, specified and legitimate purposes and not further processed in a manner incompatible with those purposes;
- d) adequate, relevant, limited to what is necessary in relation to the purposes for which it is processed;
- g) kept in a form which identifies the data subjects for no longer than is necessary for the purposes which it was collected;
These three provisions are directly linked to the principle of data minimization.
Benefits of Data Minimization to Organizations
Most, if not all, organizations collect data about their employees, customers, partners, and even competitors. Some of the information collected is very specific and personal. The general temptation by companies is data hoarding. This is the collection of as much information as possible and wait for its use to arise somewhere in the future. Data hoarding, however, opens companies up to a myriad of problems;
- Useless junk: Information that is collected and kept for no particular use takes up a lot of storage space, creates clutter and costs more to declutter and organize. Therefore, companies would end up spending more time and resources on information they may never have use for.
- Legal liability: In the case that a company’s systems are hacked and confidential information is compromised, the company would have to explain why it had personal information that it was not supposed to have in the first place and that it was not using for any specific purpose.
Guidelines to live by for Organizations:
Under the Data Protection Act 2019 and other international guidelines, companies should ask themselves these questions (not limited);
- Do the clients/Individuals know that their personal information is being collected?
- How is the organization planning to use the information collected?
- Do the clients/Individuals know why their data is being collected?
- How long will the company need to store the data to achieve its purpose?
- Are there any other means of achieving the organization’s purpose without collecting personal information?
Benefits of Data Minimization to individuals
Some individuals live by the mantra that; if you have nothing to hide, you have nothing to fear. As a result of this belief, they share all kinds of personal information with no caution. Therefore, you can find their ID numbers, their voting polling station, their estate, and even house number on social media platforms.
In today’s tech world, we do not hide personal information because we have skeletons in our closets’ but it is a security necessity. Challenges associated with over-sharing include;
Identity Theft: Whereby someone else takes up your personal information and uses it as though they were you. They could commit acts of terrorism in your name seeing that they have your full name and ID number.
Legal and Criminal Liability: When identity theft occurs, more often than not, it is for illegal purposes. As a result, you may find yourself on the negative side of the law for a crime you did not commit
Financial Theft: When you put up your ATM card number, your bank account details, and other financial information online, it is easy for frauds to gain access to your bank account and make away with your hard-earned money.
Theft and burglary: Constant updates on items in your house along with precise information of your estate/plot and your house number is an open invitation to thieves and burglars.
The end goal of data theft (compromise) is usually financial gain. Engaging with technology requires one to be alert of seen and unseen challenges to avoid finding themselves in a tight spot.