Data minimisation: Why less is more

In a world driven by data, collecting less can mean more. The overcollection of data can put financial advisory organisations at risk by increasing exposure to breaches, security threats and compliance failures, which could in turn lead to hefty fines. It also erodes customer trust, as clients expect businesses to respect their privacy and collect only what is necessary. This is where understanding and applying data minimisation practices becomes relevant.

What is data minimisation?
Data minimisation is a core data protection principle: the practice of collecting and keeping the bare minimum amount of personal data or information about an individual, favouring quality over quantity.

i. Data should be adequate and sufficiently fulfil its purpose,
ii. Data should be relevant and have a rational link to its purpose, 
iii. Data should be limited to what is necessary in relation to the purposes of collection.

Financial advisory organisations might over-collect personal data, for example, by gathering all past employment records when only current income and employer are required for financial advice, or by asking for health data during routine pension fund withdrawals. Evidence has been found that UK financial firms use excessive personal data and algorithms in ways that introduce bias. One example is the use of ethnicity to influence products, pricing and service quality.

What are the benefits of data minimisation?

i.    Simplification of Business Operations 
Collecting only the essential information needed for specific purposes simplifies operations across different departments (such as Marketing and HR), as there is less data to handle and manage, allowing organisations to increase their efficiency and effectiveness.

ii.    Compliance with Data Regulations 
For companies processing personal data, compliance with data protection regulations is essential. Data minimisation ensures that organisations collect only what is necessary, thus proactively mitigating and preventing legal risks and hefty penalties.

iii.    Faster Response to Data Subject Rights Requests
If the organisation does not retain or collect non-essential data, it can respond more quickly and efficiently to requests: it becomes easier to find and share the information requested, and fewer resources need to be allocated to sift through the data or to transfer it to another organisation.
 
Why is data minimisation important?
Wealth managers routinely collect large volumes of personal data, often without clear justification or ongoing review. Outdated data is commonly retained, such as inaccurate contact details, addresses, etc. Collecting the bare minimum of personal data is an essential step for establishing a secure, ethical and privacy-protecting digital landscape. 

i.    Reduction in Privacy Risks
Less is more with regard to managing a potential data breach. By limiting the amount of data that could potentially be breached, an organisation can reduce both its attack surface and its risks.

ii.    Promotion of Ethical Use of Data 
Data minimisation promotes an ethical use of data and contributes to building a culture of trust and credibility with customers and clients. It not only protects an individual’s privacy but also promotes an environment of honesty and integrity in an organisation’s data-related activities by collecting and retaining only the necessary data. 

iii.    Cost savings
Storing and processing large volumes of data can be expensive in terms of infrastructure, data processing resources and maintenance. It also slows down processes and complicates the fulfilment of legal obligations like data subject rights requests. By collecting and storing less data, organisations can lower their operational expenses.

iv.    Corporate Social Responsibility
By reducing the volume of data that an organisation collects and stores, the carbon footprint associated with data centres is reduced, which allows organisations to be more ethical and contribute to their sustainability programs.

Checklist
If you are a wealth manager who is processing the personal data of your employees, customers or clients, here is a quick checklist to review your data minimisation practices:

☐    We only collect personal data we need for our specific, documented purpose(s).
☐    We have sufficient personal data to fulfil that purpose properly.
☐    We periodically review the data we hold.
☐    We regularly delete the data we do not need. 

(Hint: You should be selecting all of them!)

Wealth management companies and financial advisory organisations must focus on data minimisation practices to protect their clients against privacy and security risks. Every piece of data collected should serve a purpose and be explainable to users.
If you have missed a tick in the checklist above, we are happy to discuss how we can help you to address it.

