Data Minimization
Definition
The principle that businesses should only collect, process, and retain the minimum amount of personal data that is reasonably necessary for the specific purpose disclosed to the consumer. This prevents excessive data collection and reduces privacy risks.
Legal Definition
Under the CPA (C.R.S. 6-1-1308(4)), controllers must limit "the collection of personal data to what is adequate, relevant, and reasonably necessary in relation to the purposes for which such data is processed." Maryland's MODPA has one of the strongest data minimization requirements, prohibiting collection beyond what is strictly necessary.
Practical Example
A pizza delivery app only needs a customer's name, address, phone number, and payment info to complete orders. Collecting the customer's date of birth, social media profiles, and browsing history would violate the data minimization principle.
Frequently Asked Questions
Which states enforce data minimization?
Most comprehensive state privacy laws include data minimization requirements. Maryland's MODPA is considered the strictest, requiring businesses to limit data collection to what is "reasonably necessary and proportionate." Colorado, Connecticut, Virginia, and others have similar provisions.