Skip to Main Content
Main Menu

The Business Case for Data Minimization

Data hoarding is epidemic. The global pandemic triggered a second data gold rush, with enormous uptake of cloud computing’s ‘shovels and buckets’, as organizations scrambled to adapt to ‘digital first’ operations. Businesses were practically encouraged by cloud service providers to hoard all the data. But how much of it is worth something (if anything)?

Here’s how the volume of data created, captured and consumed worldwide is exploding thanks to cloud technologies according to research firm Statista:

  • 2017 – 26 zettabytes of data in the world (approximately 26 billion terabytes or 26 trillion gigabytes)
  • 2021 – 79 ZB at the height of the pandemic, triple the growth in four years
  • 2024 – 147 ZB, almost doubling in growth again in three years
  • 2025 – close to 200 ZB (200 trillion GB)

Researchers at Statista estimate most of the data made and consumed in the world isn’t stored long, with only a few percent of the total volume held over from one year to the next.

Still, businesses are determinedly hoarding more data than they need and for much longer than is necessary: by 2025 half the world’s data is expected to be stored in cloud servers at some point in its journey (according to The 2020 Data Attack Surface Report from Arcserve and Cybersecurity Ventures).

Consumers Demand Businesses Cut Cloud Pollution

The exponential growth of cloud computing is also causing devastating atmospheric and environmental pollution.

Businesses might have shrunk some of their direct energy costs (and real estate footprints) by switching from on-premises servers to cloud servers, but their carbon footprint from powering computers and server room cooling systems hasn’t disappeared – it’s just out of sight.

Yes, some larger cloud providers are now moving towards carbon-neutral services, but as data hoarding is an escalating trend, carbon-cutting efforts must rapidly scale up across the entire industry.

The Cloud Is Material: On the Environmental Impacts of Computation and Data Storage, a peer-reviewed study by Steven Gonzalez Monserrate, published by MIT Schwarzman College of Computing on January 28, 2022, found:

  • Cloud computing now has a larger carbon footprint than the airline industry
  • The electricity used by data centers accounts for 0.3% of overall carbon emissions
  • The electricity used by the world’s computing devices (data centers combined with networked devices such as laptops, smartphones and tablets) accounts for 2% of overall carbon emissions
  • As heat is a waste product of computation, cloud servers must be constantly cooled to prevent ‘thermal runaway events’, which can cause system failures.
  • Cooling systems account for more than 40% of electricity usage in most data centers
  • Only 6-12% of energy use at data centers is devoted to active computational processes – the remainder is allocated to cooling and maintaining extensive chains of redundant fail-safes (redundant servers, power supplies) to prevent costly downtime
  • A single data center can consume the equivalent electricity of 50,000 homes
  • E-waste is also a huge problem: estimates by Greenpeace show only 16% of computing devices are recycled at end-of-use.

As consumers become aware of the massive amounts of energy and other resources consumed to run cloud technologies, they’re demanding businesses adopt energy saving practices for data storage, including data minimization – or risk losing customers.

‘51% of consumers are especially concerned that data storage produces pollution when, on average, half of the data enterprises store is redundant, obsolete or trivial and another 35% is “dark” with unknown value,’reported Veritas in a March 2023 report titled:

Consumer Sentiment on the Environmental Impact of Hoarding Unnecessary Enterprise Data

The study also found ‘47% of consumers said they would stop buying from a company if they knew it was wilfully causing environmental damage by failing to control how much unnecessary or unwanted data it is storing’.

Business Challenges of Hoarding too much Data

TrustArc has helped more than 1,500 companies globally establish and manage rigorous privacy programs designed to comply with the latest regulations.

Trustworthy regulatory advice is essential, of course, along with astute guidance on technologies and methods for managing information governance.

We’ve frequently found organizations are hoarding more data than they are aware of and need help discovering and consolidating it into more manageable and useful volumes.

The principle of data minimization is simple: only keep data that is lawfully necessary and useful. Doing so can also improve return on investment in your data activities – and reduce their associated risks.

Business Impacts of Hoarding Personal Data

Data Hoarding Issues
Business Impacts
Finding value

Collecting as much personal data as possible means more data to store and process than the business can feasibly extract value from in its lifetime.

Wasteful computing costs – and diminishing returns on investments – associated with storing, managing, processing, and protecting unnecessary, useless/redundant data.
Knowing what is stored

Increased difficulty identifying which data is useful among ‘noisy’ data (meaningless and/or out-of-date data).

Loss of productivity through time wasted filtering irrelevant and redundant data to extract useful insights, answer questions, and solve business problems.
Extracting useful data insights

The growing number and complexity of connected data systems can make it challenging for businesses to select ‘sources of truth’.

Increased possibility of receiving contradictory or inconsistent signals, driving higher risks of errors in judgment on which data is ‘true’ can lead to poor business decisions that affect revenue, reputation, and customer relationships.
Managing cybersecurity risks

Storing any kind of valuable data (whether intellectual property and financial data owned by the business or personal data belonging to staff, customers, and partners) demands constant investment in protections against unauthorized and unlawful access, and criminal exploitation.

Constant investments in updated protection and compliance are essential – and these costs expand as the volumes expand.

Inadequate cybersecurity measures will certainly make a business an easy target for criminals looking for quick exploits. But businesses with apparently strong cybersecurity measures must never be complacent as the more valuable data available, the greater the incentive for criminals to scale up attacks on the business.

Larger breaches mean larger penalties and other devastating costs to the business (financial, reputation, capacity to operate).

Managing privacy risks

Storing any kind of personal data adds to cybersecurity risks overall – and businesses must stay up-to-date with privacy regulation compliance requirements, particularly when operating in multiple jurisdictions.

On top of increased cybersecurity protection costs, businesses with expanding hoards of personal information must continually invest in compliance systems, training, legal advice, processes, and policies.

As inventories of consumers’ personal data (including categories of data stored, shared, or sold) expand they become increasingly complex to track and manage.

Simply failing to accurately track what personal data is held makes it almost impossible to address consumers’ consent choices and requests to exercise their privacy rights (for example to access, correct, or delete personal information).

And when non-compliance is reported or discovered through an inspection audit, penalties grow according to the number of people impacted.

Business benefits of data minimization

Data-related Activity
Business Benefits
Streamlining data collection

Focusing on collecting only necessary and relevant data will have positive flow-on effects throughout the lifespan of data stored by the business.

Data minimization at the input stage helps a business address privacy law compliance requirements from the outset.

Collecting less data up-front can help reduce the overall costs and efforts required for storage, analysis, processing, protection, and management.

Streamlining data analysis

Smaller data stores are simply easier to search, analyze, and extract value from.

Reducing the ‘noise’ in a data store will make it easier to analyze it and extract insights – leading to improvements in customer service, revenue growth, and better returns on investment from data related activities and systems.
Maintaining a data inventory

Regularly inspecting why, how, and where data is stored will help a business make informed decisions about how to manage it.

Knowing what data is held by the business will help identify opportunities to consolidate it and help reduce the storage costs.

Accurate and up-to-date data inventories are necessary for managing privacy compliance. Well maintained inventories can also help businesses adapt more quickly to new privacy compliance requirements.

Reducing data loss risks

Minimizing the volumes of valuable data stored helps reduce the severity of potential breaches.

If the ‘prize’ (valuable data) is smaller, then the data store will likely be a less attractive target for cybercriminals.

In the event of a breach, the less data stolen, generally means lower penalties and other financial losses.

GDPR Compliance Solutions

Set up and manage compliance effectively with TrustArc’s Data Inventory Hub, Assessment Manager, Cookie Consent Manager, and Individual Rights Manager.

Learn more

Data Inventory Mapping

Reduce privacy risk with automated data flow mapping, risk analysis, and remediation for on-demand compliance reporting and audit trails.

Learn more
Key Topics

Get the latest resources sent to your inbox

Back to Top