What is the primary security benefit of data minimization?

Data minimization means collecting and keeping only what is strictly necessary for a given purpose. By limiting what you gather and store, you reduce the amount of data that could be exposed in a breach and the level of protection that must be applied, which lowers overall risk. This approach also supports privacy-by-design and helps meet regulatory expectations because you’re not accumulating data you don’t need. It’s important to recognize that minimizing data does not automatically guarantee compliance—proper governance, retention policies, and controls are still essential. The idea behind the correct choice is that fewer data points mean smaller targets and easier secure handling, whereas increasing data collection or removing controls would run counter to this principle.