Limiting Collection Principle

A fundamental privacy principle requiring organizations to collect only personal information necessary for identified purposes. This principle, articulated in frameworks like PIPEDA and OECD Privacy Guidelines, is closely related to data minimization but often phrased in terms of collection limitation. The principle requires identifying purposes before or at collection, collecting only data necessary for those purposes, using fair and lawful means, and obtaining knowledge or consent where appropriate. Limiting collection prevents the common practice of gathering maximum data 'just in case.' Organizations should question each data field requested, eliminate unnecessary collection points, use progressive collection (gathering more data only as needed), regularly review collection practices, and document necessity of collected data. Limiting collection reduces privacy risks, simplifies compliance, and builds trust. Modern privacy frameworks universally embrace collection limitation as core to privacy protection.