Since the implementation of the Data Privacy Act (DPA) in the Philippines and the GDPR in the EU, companies have been battling with their Data Privacy Protection compliance process.
Besides the obvious consequences of the Data Protection Regulations, one unexpected side-effect of all of these compliance efforts has been to unearth how much of data hoarders we have become.
As the Data Protection Regulations enforce the limited retention of all collected personal (and sensitive) data (basically forcing you to throw away all the data, which is irrelevant for your present data requirements), many companies are scrambling for a clearer vision of where their personal data is stored, in order to proceed with a now required-by-law spring cleaning.
And in most cases, the answer to this question is, basically, everywhere. And the scarier part of this is that nobody truly knows why the data is being kept.
I think that this data hoarding is due to two main factors:
* The "just in case" state of mind
The first factor explaining this practice is due to the relatively small cost of keeping (and forgetting) any collected data indefinitely. When asked why they kept CVs from students that were sent in 1998, one of my clients literally answered:
I don’t know, it has never been used before but who knows, it may come in handy someday.
If the data is both obsolete and not used anymore, especially if it falls in scope with the Data Privacy Laws, please do yourself a favor and delete it immediately. Trust me, it will spare you a lot of headaches.
* The ‘data rush’ effect
The second factor in play here is also related to the risk/cost associated with data collection and retention.
In the past, collecting data was as easy as kindly asking for it (or even directly getting your hands on it via Facebook or mobile apps). It was a bit of a hectic, free-for-all, gold-rush type situation, where many great (and not so great) things happened. For brevity’s sake, we’ll call this phenomenon the "data rush".
The main consequence of this "data rush" is that many companies started collecting data that was not related to any data processing in place. In many cases, this hoarded data has not even been used since its collection.
For example, one of my clients used to systematically ask for his customers’ number of children in his registration form. The data was never once used, but was collected because it was cheap to do so and also, "just in case".
Be proactive, become a data minimalist
Data collection won't stop, it has never been the issue. However, a slow, tectonic shift in mindset is slowly happening : as businesses, we should favor the quality of the data we collect, instead its quantity.
* Seeing as collecting data is bound to involve a lot more of friction;
* seeing as if you're in scope of the DPA or GDPR, you'll have a lot more requirements to comply to than before;
* seeing as people are becoming over-wary when providing their data; seeing the extreme impact that a data breach will have on your business,
I would wholeheartedly recommend that you streamline your data collection processes, making sure that you collect and keep only what is necessary.
You'll spare yourself and your business a lot of headaches down the road. Feedback is welcome; contact me at Schumacher@eitsc.com