Today, many organizations believe that the more data you have the more valuable it is. However, the over collection of personal information can dramatically increase the potential harm to individuals in case of a data breach. In addition, collecting unnecessary or indirect information that is loosely tied to a purpose is increasingly viewed as exceeding the scope of consent.
Data Minimization is a key privacy principle to respecting individual privacy and reducing risks associated with a data breach. Under this principle, only personal information that is directly relevant and necessary to a specified purpose is collected and kept for only as long as needed for that purpose.