LOGBOOK

HELP

Quiz Entry - updated: 2026.06.07

Why is data minimization considered the most effective privacy defense, and what practices implement it?

Because the most effective defense is simply not collecting unnecessary data — less data means less risk — implemented via collection limits, retention policies, access control, and sharing restrictions.

The deepest defense isn't a clever anonymization algorithm — it's not holding the data in the first place. Data you never collected can't be breached, re-identified, or subpoenaed. Four practices:

  • Collection limits — gather only data essential for a specific, defined purpose.
  • Retention policies — delete data when no longer needed; implement automatic expiration.
  • Access control — restrict access to authorized personnel with a legitimate need.
  • Sharing restrictions — limit external sharing to essential parties under strict agreements.

These shrink the attack surface before any anonymization is even applied.

Tip: Every field you don't collect and every record you delete on schedule is one fewer quasi-identifier an attacker can ever link. Minimization beats mitigation.

From Quiz: PRIVACY / Re-identification Attacks & Privacy Defenses | Updated: Jun 07, 2026