Sec. 131. Data minimization
254 words·~1 min read·
/bill/115/s/2187/is/section-131A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Each covered entity shall— collect only as much covered information relating to an individual as is reasonably necessary— to process or enforce a transaction or deliver a service requested by such individual; for the covered entity to provide a transaction or delivering a service requested by such individual, such as inventory management, financial reporting and accounting, planning, product or service improvement or forecasting, and customer support and service; to prevent or detect fraud or to provide for a secure environment; to investigate a possible crime; to comply with a provision of law; for the covered entity to market or advertise to such individual if the covered information used for such marketing or advertising was collected directly by the covered entity; or for internal operations, including— collecting customer satisfaction surveys and conducting customer research to improve customer service; and collection from an Internet website of information about visits and click-through rates relating to such website to improve— website navigation and performance; and the customer’s experience; retain covered information for only such duration as— with respect to the provision of a transaction or delivery of a service to an individual— is necessary to provide such transaction or deliver such service to such individual; or if such service is ongoing, is reasonable for the ongoing nature of the service; or is required by a provision of law; retain covered information only for the purpose it was collected, or reasonably related purposes; and exercise reasonable data retention procedures with respect to both the initial collection and subsequent retention.