Data hoarding is a dangerous business practice that can lead to privacy non-compliance and data breaches. In a sign of how large the problem is, one estimate suggests that up to 85% of data held by companies is no longer relevant, adequate, or necessary.
So what can be done? Senior privacy manager at DoorDash, Nandita Rao, joined our August 2021 Privacy_Infra() event to discuss her KonMari Method™ approach to data minimization—including techniques for taming data sprawl and how to adopt better data hygiene processes.
She explained that the benefits of this method include continuous data discovery and analytics to support defensible deletion of data that doesn’t ‘spark joy.’
“Businesses know that personal data is an asset, but are still struggling to manage it efficiently,” she said. “The majority of organizations are not prepared with a good data minimization or governance program in place.”
Nandita explained that because enterprise data volumes are expected to grow nearly 5x by 2025, the risk of “dark data” is also growing exponentially.
According to Gartner, dark data is “the information assets organizations collect, process, and store during regular business activities, but generally fail to use for other purposes (for example, analytics, business relationships and direct monetizing).” As a result, storing and securing this data typically incurs more expense and greater risk than value.
“As data grows, it also spreads,” Nandita explained. “The sprawl is due to more applications, more users, and more devices than ever. Especially when personal data spreads out of control to unapproved locations, it increases the risk of breaches, noncompliance fines, and ediscovery costs.”
Nandita added that privacy depends on effective data governance, which is needed to accurately understand how data is created, stored, used, and disposed of. Data governance also provides information about how trustworthy the data is.
Many companies working outside traditionally regulated industries like healthcare and finance don’t have mature data governance programs in place, which limits their ability to meet privacy obligations. Even with regulatory drivers like GDPR and CCPA, many organizations are far behind where they need to be.
Watch Nandita’s full talk from Privacy_Infra() (starting at Chapter 1, or 4:15) to learn more about how to know your data, locate your data, and purge whatever you don’t need.
Note: This post reflects information and opinions shared by speakers at Transcend’s ongoing privacy_infra() event series, which features industry-wide tech talks highlighting new thinking in data privacy engineering every other month. If you’re working on solving universal privacy challenges and are interested in speaking about it, submit a proposal here.