As data storage becomes less expensive, it may start to seem as though there is little reason not to collect and retain as much data as possible about your users. However, the apparent ease of accumulating masses of data can hide enormous costs due to user dissatisfaction, security breaches, time-consuming subpoena requests, and privacy and free speech firestorms.
-
Capture only the data you need for your service or that you are legally required to capture. AOL reportedly receives
more than 1,000 subpoenas every month requesting information about its users.
Other tech companies may face similar numbers of requests, although they do not reveal exact numbers. An efficient way to avoid these costs is to capture only the data you need for your service. Do you really need an individual’s name, address, and phone number? Alternatively, could your company get by just as well with only one of these pieces of identifying information? Or none?
59% of adults in a 2008 study had refused to provide information to a business or company because they thought it was not necessary or too personal.
-
Store only necessary data. Even if you needed to capture identifying information in order to handle a specific transaction, there may be no need to retain it after the transaction is complete. Any data collected should be purged in its entirety after it is no longer necessary. Personally identifying information should rarely be retained for more than a few weeks.