Implement the privacy principle of minimization using sa-08.33_odp.
The principle of minimization states that organizations should only process personally identifiable information that is directly relevant and necessary to accomplish an authorized purpose and should only maintain personally identifiable information for as long as is necessary to accomplish the purpose. Organizations have processes in place, consistent with applicable laws and policies, to implement the principle of minimization.
Related controls 4
- PE-08 Visitor Access Records L M H P
- PM-25 Minimization of Personally Identifiable Information Used in Testing, Training, and Research L M H P
- SC-42 Sensor Capability and Data L M H P
- SI-12 Information Management and Retention L M H P