Businesses constantly collect data about customers and employees, such as addresses, birthdates, credit card numbers, and Social Security numbers.
But the data that businesses often see as necessary—or even an asset—can become a liability. Every piece of personal information collected is one more piece that must be guarded from the dark designs of identity thieves and other cybercriminals.
Perhaps it’s time for business leaders to ask themselves these questions: Why do we collect all this customer and employee data that we can’t protect? Why are we putting ourselves, our customers, and our employees at risk of a data breach that would put personal information in the hands of those who can do great harm?
For years, businesses have treated the collection of personal data as a positive, something that can help them better understand and market to consumers, make more informed decisions, or give them a competitive advantage. But as data breaches rise, this strategy exposes them to adverse consequences.
One example from 2025 that only recently became widely reported: A data breach was revealed at the U.S. government contractor Conduent, which runs back-office systems for state agencies and major health insurers. The breach exposed information for at least 25 million Americans, including names, addresses, Social Security numbers, birthdates, medical data, and insurance data.
It was a worst-case scenario come to life.
The Less Data, the Better
Certainly, most companies take steps to protect data, with varying degrees of success. But few put into play the most underutilized cybersecurity strategy of all: data minimization.
The less data stored on your computers, the less tempting those computers are to the nefarious.
That sounds simple enough, but the question is: How do you pull off data minimization—especially when systems seem almost designed to increase the amount of data kept, not reduce it?
Traditional systems often force people to submit the same personal data repeatedly. That is, each time they interact with another business or government agency, they once again must provide their personally identifiable information—Social Security number, birthdate, credit card number, address, or whatever a particular organization needs, or thinks it needs.
We all do this, time after time after time.
And, as a result, businesses end up hoarding data, which is the corporate equivalent of storing cash in an unlocked safe. The cybercriminals are gleefully rubbing their hands together in anticipation of all the targets they can take aim at.
What can businesses do to reduce their data and their potential liability?
One approach is to simply rethink what you need and collect only the information that is necessary. Why store customer or employee information that’s of little or no value to you and that you could get by without? Such data serves no purpose other than to add to the risk of data breaches or identity theft.
What must you absolutely have, and what can you do without?
Another option is to create a better safeguard around the information itself.
A Verified Trust Credential
One idea for accomplishing that is a verified digital Trust Credential that eliminates the need for users to repeatedly provide their private personal information. Instead, once the individual has that information verified to create the Trust Token, they would just present it rather than sharing the sensitive information repeatedly.
To imagine that kind of system, think of it as much like TSA PreCheck, something you may have used.
With TSA PreCheck, airline travelers undergo a thorough vetting that includes a background check, fingerprinting, and even an interview to prove they’re low risk. In return, they receive a Known Traveler Number that lets them use expedited security lanes at airports. While everyone else waits in a long line, those with PreCheck zip on through.
Beyond giving some travelers a quick trip through security, PreCheck also demonstrated that people will gladly opt into a vetting process if it means a reusable credential that makes life easier and safer, without having to repeatedly provide their personal information. Millions of Americans paid and enrolled to get that Known Traveler Number.
In much the same way, a verified trust credential system would essentially serve as a digital passport for all identity and background needs. Instead of handing over a Social Security card, driver’s license, passport, and a file of background check documents to every entity that asks, individuals would have one reusable digital trust credential issued after a thorough identity screening.
In other words, businesses would know the person’s information had been verified, but would not need to store all of that data themselves. Both the business and the individual could rest easier knowing the information was protected, while data thieves would be frustrated.
So why isn’t such a system already in place?
Perhaps for a number of reasons, including the standard “this is how we have always done it” argument. But change could be coming as data privacy receives more attention and governments seek ways to protect consumers and their data.
Big innovations often come from someone willing to challenge the status quo or think radically differently, rather than constantly putting Band-Aids on problems that arise within the current paradigm. There are innovative companies on the horizon that are doing just that. But once in place, it would relieve the government of the need to create a myriad of statutes, regulations, and laws to accomplish the same thing.
And it would allow businesses to fret less about protecting data from those cybercriminals who are always on the prowl.
The companies that will win in the next decade won’t be the ones with the most data. They will be the ones with the least unnecessary data.
Raj Ananthanpillai is the founder and CEO of Trua, a digital identity-verification and screening company. He is also a serial entrepreneur, investor, inventor, and leading authority on digital trust, identity, and privacy.
Ananthanpillai has built and grown several impactful tech companies, and his ventures have provided mission-critical solutions to federal agencies, including key contributions to various national security programs such as TSA PreCheck, Fortune 500 companies, and global organizations.
Photo courtesy TSD Studio for Unsplash+
