Embedding personal data minimization technologies in organizations: needs, vision and artifacts
Publicatie van Kenniscentrum Creating 010
M.S. Bargh, R.F. Meijer, S. Braak,van den, A. Latenko, M. Vink, R. Choenni | Conferentiebijdrage | Publicatiedatum: 12 januari 2022
Often collected data sets contain more personal information than needed for a certain purpose. According to privacy laws and regulations the personal data in a data set should be minimized only to the data that are required and allowed for a chosen (legitimate) data usage. Statistical Disclosure Control (SDC) is one of the main data minimization technologies. Applying minimization technologies, particularly the SDC technology, into practice and embedding them within organizational settings can be a complex and demanding task for non-experts (i.e., those without prior experience and affinity with those technologies). In case of the SDC technology, for example, this challenge stems from its complexity, its context-dependency, its multi-disciplinarity, and its liability and accountability burdens. In this contribution we explain why personal data minimization is necessary, review the types of technologies for personal data minimization, present a framework we envision for embedding SDC technology in organizations, and mention the artifacts that, based on technology adoption theories, we have developed for embedding SDC technology within organizations. The envisioned framework comprises a structural model for deploying SDC technology and an iterative process for evolutionary organizational learning. At the end, we discuss the results obtained so far and mention some future research directions.