Data Minimization? Why?
This is why:
In April 2019, the social planning website for managing online invitations Evite identified a data breach of their systems. Upon investigation, they found unauthorised access to a database archive dating back to 2013.
https://www.bleepingcomputer.com/news/security/evite-invites-over-100-million-people-to-their-data-breach/
2013.
Email addresses and detailed personal information about not just Evite users, but people Evite users had sent invitations to – stored in a database archive since at least 2013.
These are the kinds of issues that come to mind when we suggest you need to think about data retention schedules and the value of personal information your organization has collected. Because six years down the road, I doubt that information really had much commercial value for Evite – but it’s certainly a liability now.