SA-8(33): Minimization

CSF v1.1 References:


  • Privacy
Info icon.

Control is new to this version of the control set.

Control Statement

Implement the privacy principle of minimization using [Assignment: organization-defined processes].

Supplemental Guidance

The principle of minimization states that organizations should only process personally identifiable information that is directly relevant and necessary to accomplish an authorized purpose and should only maintain personally identifiable information for as long as is necessary to accomplish the purpose. Organizations have processes in place, consistent with applicable laws and policies, to implement the principle of minimization.