More and more companies are investing in Big Data systems. Designed to store and process massive amounts of information, these systems tend to be incredibly complex and expensive to build and maintain. They are also quite vulnerable to attack, but with the promise of greater profits companies can’t seem to resist.
Martin Fowler writes about the opposite of Big Data, Datensparsamkeit. This German word roughly translates to “data austerity” or simply “not storing more than you need”. One reason for this is privacy. Even before the Edward Snowden revelations there have been concerns about the US Patriot Act of 2001 and the subsequent warrantless surveillance. Martin writes,
The problem with the "capture-it-all" approach is that it raises serious questions of privacy. Even if we trust ourselves to not abuse the data we collect, each data store represents a target for criminals or government surveillance agencies. This issue is particularly fraught in Germany which has seen successive regimes where governments have carried out extensive surveillance of their citizens in order to control them. Germany consequently has strong data privacy laws.
Datensparsamkeit is a concept from these privacy laws that is an opposite philosophy to "capture-all-the-things". A translation isn't straightforward (which is why I've retained the German word) but loosely you might translate it as something like "data austerity", "data minimization", "data parsimony", or "data frugality". It means that you should always ask yourself why you are capturing or storing data, and look to handle only the minimum amount of data you need for your purpose.
Of course government surveillance isn’t the only concern. Even the smallest companies are being targeted by hackers looking to obtain passwords and credit card information. Martin continues,
Even if you don't share my views on personal control of our own data, the risks of security breaches mean that datensparsamkeit is a wise course of action. If you hold data that you don't need, and someone steals it and causes damage, shouldn't you be liable for that damage? Even if there's no legal liability the publicity will have serious consequences - and thus there is risk for anyone who doesn't practice datensparsamkeit.
For some industries, the answer to that question is an unequivocal yes. For example, any company storing the three digit code on the back of a credit card is liable for steep fines from Visa and Mastercard, even if no security breach actually occurs. If the information is stolen and then used the fines, penalties, and restitution can bankrupt a small company.