Data Minimization
The principle of collecting only the personal data needed for a specific purpose and deleting it when no longer necessary.
Data minimization is the principle that organizations should collect only the personal data they need for a specific purpose, use it only for that purpose, and keep it only as long as necessary. It is a core privacy principle in data protection law and is increasingly relevant to AI governance.
For insurance AI, data minimization conflicts with the tendency to collect more data in hopes of better predictions. More variables can improve model accuracy but also increase privacy risk, proxy-discrimination risk, and regulatory scrutiny. Carriers should be able to explain why each data variable is necessary and what business purpose it serves.
Data minimization also affects vendor contracts. Insurers should know whether a vendor is using their data to train models for other customers or storing data longer than needed. See our glossary entries on data lineage, the Gramm-Leach-Bliley Act, and external consumer data.