Minimum Necessary – Enough is enough!
When you are collecting personally identifiable information (PII) from individuals, only ask them for the PII that is relevant and appropriate for your business purposes. Similarly, if you ask another person or agency for PII, only ask for those pieces of PII that you need.
When you are collecting PII, please consider each data entry field. Is each piece of PII requested strictly necessary? Is it useful but not strictly necessary? Or is it not needed at all?
- If the PII is necessary, you may require that individuals provide it.
- If the PII is useful, you may ask the individuals to provide it.
- If the PII is not needed, you should not ask for it at all.
Report any mistakes that accidentally expose PII immediately.
If you’re not sure if the PII is needed, you should ask your manager for help understanding how the PII collected by your process is used by the Department. If you have other questions, please contact your Privacy Officer.
To view the Minimum Necessary & Limited Use Policy, click here.
2014 Privacy Tips