Which practice helps limit exposure by collecting only what is necessary?

Data minimization is the practice of collecting only what is necessary for a specific purpose. This approach reduces exposure because each data item adds potential risk: if a breach or leak occurs, there’s less data to compromise, and it’s easier to implement tighter access controls and quicker, safer data handling. It also supports privacy-by-design and regulatory expectations (like GDPR) by limiting what you store and retain. For example, only gathering information essential to a task, avoiding unnecessary fields, and using anonymization when possible keeps the data footprint small and the risk surface narrow. In contrast, broad data collection increases exposure by expanding what could be exposed, unlimited data retention keeps data accessible longer and magnifies risk, and open access would make data available to unauthorized parties.