12 August 2024

Won’t somebody think of the data holdings?

Tessa Loftus
Manager

elevenM’s Tessa Loftus discusses the link between data minimisation, privacy and the environmental impact of data storage.

Data minimisation is having its time in the sun lately. There are many reasons for this — certainly several significant data breaches that have clear roots in excessive data storage have brought the issue to the fore, but really, privacy professionals have been talking about data minimisation for as long as we have existed.

As we have noted in the past, data minimisation (just generally not collecting anything you don’t actually need) decreases your risk of harm from a data breach, decreases certain cyber risks (such as the honeypot effect), increases your ability to build customer trust, and improves your ability to meet your requirements under the Privacy Act. In fact, ‘only collect what you need’ is clearly and explicitly stated in the Australian Privacy Principles, so data minimisation is also necessary for basic Privacy Act compliance. Looking ahead, obligations for data minimisation, with regard to both collection and retention, are set to increase.

However, there is another side to data minimisation that has consistently been under-considered, and that is the environmental impact of storing data. We’re all familiar with ‘please consider the environment before printing this email’, but what about ‘please consider the environment before retaining this data’?

The global Data Management Infrastructure Dynamics survey found that 76% of the Australian companies surveyed are overwhelmed by the amount of data they manage. This is bad news from both a privacy and a data governance perspective but, given our data-driven economy, seems likely to continue.

It’s also worth considering that data centres account for almost 4 per cent of Australia’s total energy consumption and 10 per cent of the world’s energy consumption. It’s the same story in the US, with data centres now accounting for about 4 per cent of electricity consumption, set to increase to 6 per cent by next year. A lot of the growth in energy consumption by data centres can be attributed to AI and, before that, bitcoin. Digiconomist’s Alex de Vries has calculated that by 2027 the AI sector could consume between 85 and 134 terawatt hours each year, which is approximately the annual energy use of the Netherlands.

The International Energy Agency reported that global data centre energy use was 460 terawatt hours in 2022 and could increase to between 620 and 1,050 TWh in 2026, which is equivalent to the energy demands of Sweden (at the bottom end) or Germany (at the top). And that’s just the power — data centres also use a significant amount of water for cooling, anywhere between 68,000 and 2.1 million litres per day.

What we know is that businesses are using an increasing number of AI solutions, and they are also storing more and more data — by 2025 large organisations will be storing more than 65 PB. The same Data Management survey found that 33% of companies know their data infrastructure uses too much energy and 46% have set goals to reduce the energy demand of their data centres. But with 45% of these respondents stating that their sustainability policies don’t address the impact of storing unused data, they don’t seem to have a plan to do so.

There’s a clear pattern here — companies are struggling to manage their data holdings. There is no denying that the regulatory environment is complex, as is the brand/trust space. When it comes to data storage, companies are juggling business requirements, regulatory compliance, growth, public sentiment, tracking social and environmental impact and so much more.

Data minimisation can’t fix all your problems, but it addresses a very real risk in several of these categories. So, whether you’re seeking to improve your environmental footprint, your privacy compliance or your cyber risk, on this they speak as one — store less data. Only collect what you need, only keep what you need, track your use, and implement a data retention and disposal schedule, and watch the APPs and the environment smile on your business.

Contact us

You can find advice on our website on implementing data minimisation, how to undertake a data processing inventory, how to take a strategic approach to deleting information that you no longer require, and how to get started on creating a retention and disposal schedule.

If you’re interested in learning more about information and data governance, and how it supports privacy compliance, contact us at hello@elevenM.com.au or on 1300 003 922.