Which statement best describes data minimization in privacy protection?

Data minimization means collecting only what is strictly needed to fulfill a stated purpose, restricting access to those who need it, and keeping data only for as long as it is actually required. This approach reduces the amount of data at risk, supports privacy-by-design, and aligns with legal expectations to avoid unnecessary data retention. The described practice fits this idea exactly by gathering only what’s necessary, limiting who can see it, and disposing of it when it’s no longer needed. In contrast, collecting data for potential future use brings in more information than necessary and raises risk; sharing data openly increases exposure; and keeping data indefinitely ignores retention limits and unnecessarily enlarges the data footprint.