Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityLogical Security

Rethinking Data Collection in Identity Security

By Joe Kaufmann
Glasses in front of coding on screen
Oleksandr Chumak via Unsplash
October 29, 2025

With AI outpacing traditional identity verification measures, organizations are heavily investing in identity-first security solutions. However, prioritizing security can unintentionally lead to the trap of over-collecting user data. This poses significant risks for both cybersecurity and data privacy. 

The key to an effective security strategy lies not in collecting more information, but in focusing on the right data to ensure safety without unnecessary exposure.

Over-Collection: Unseen Dangers to Security and Privacy

As businesses continue to integrate sophisticated identity verification systems, the temptation to collect as much user data as possible grows. Unfortunately, this approach backfires. Storing excessive amounts of personal data, particularly in onboarding and KYC (Know Your Customer) flows, does not automatically lead to enhanced security. Instead, it expands the surface area for vulnerabilities and increases the potential scale of impact of security incidents.

Beyond merely expanding the risk, over-collection of data also contradicts fundamental data protection principles. Laws such as the GDPR and CCPA emphasize data minimization, as they recommend only collecting and retaining the minimum necessary information. However, many organizations still hold onto excess data, increasing their exposure to legal scrutiny, regulatory fines, and long-term liabilities should a breach occur.

Special and sensitive categories of data like biometric information only exacerbate the problem. An increasing number of proposed and enacted laws specifically address these types of data. Unnecessary data storage and failure to delete information often runs counter to the compliance requirements these laws impose. This creates a scenario where enterprises are carrying excess risk for data they don’t need.

Navigating the Regulatory Maze: Compliance is Key

The privacy landscape is shifting with the advent of new regulations, putting pressure on organizations to rethink their data management practices. Across the globe, data protection laws — and their enforcement bodies — are consistently emphasizing two key concepts: data minimization and purpose limitation. Enterprises must not only limit the scope of their data collection but also ensure that they use it solely for its intended purpose and retain it only as long as necessary.

Biometric data, while becoming a vital component of identity verification, is an area where businesses must tread especially carefully. Improper handling of biometric information can lead to catastrophic breaches of trust, as well as hefty legal ramifications. Organizations must be transparent about the data they collect and ensure that they store it only when absolutely necessary.

The Evolving Fraud Landscape: Adapting to New Threats

Cybercriminals are becoming more sophisticated, leveraging artificial intelligence (AI) to execute fraud on an industrial scale. The rise of deepfakes and synthetic identities represents a new frontier in digital deception, with fraudsters now able to generate entirely fake personas with startling ease. This poses significant challenges to traditional verification methods, which were once sufficient in detecting fraud.

To combat these advanced tactics, businesses must move beyond simple data collection and focus on real-time, dynamic identity verification. Relying on outdated, static checks will not suffice. The challenge now is to leverage sophisticated verification systems that are adaptive and can spot fraud in real-time, even as fraudsters evolve their tactics.

Moving to a Privacy-First Security Model

In response to growing threats and regulatory pressure, security professionals must adopt privacy-first practices that prioritize security while minimizing data exposure. The following strategies can help organizations strengthen their security posture while complying with privacy regulations:

  • Adaptive Risk Scoring: Instead of over-collecting data, businesses should implement dynamic risk-based verification systems that return a risk score, not raw data. This allows organizations to minimize unnecessary data collection while still maintaining rigorous security.
  • User Education and Transparency: It’s essential to educate users about the risks of over-collecting data and how it can impact their privacy and security. By being transparent about what data they collect and why, organizations can build trust with their users, ensuring a secure and compliant experience.

Data Minimization Is the Future of Secure Identity Management

Amidst advancing fraud tactics and tightening regulations, organizations must rethink their approach to identity verification and data collection. By focusing on minimal data collection and adopting adaptive, privacy-first security practices, businesses can enhance their security posture while building trust with their users. The key is not in collecting more data, but in collecting the right data and using it efficiently to safeguard both user privacy and organizational security.

KEYWORDS: data privacy fraud mitigation identity security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Joe kaufman headshot

Joe Kaufmann is Global Head of Privacy and Data Protection Officer at Jumio with over a decade of industry experience. Joe previously held privacy and data protection roles at Splunk and Upwork. He was also a professor of Law at Georgia State University. Image courtesy of Kaufman

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Security Leadership and Management
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Columns
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Trophy and soccer ball

Security Experts Discuss Threats to FIFA World Cup 2026

Soccer stadium

How the Current Iran-US Conflict May Impact World Cup Security

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Officers at an event

The 2026 FIFA World Cup Will Test Security Operations Like Never Before

Colorful laptop

Organizations Think They Know Who’s Visiting Their Sites. They Don’t.

SEC 2026 Benchmark Banner

Events

July 8, 2026

The 2026 Security Maturity Benchmark Report: Insights From Senior Security Leaders

LIVE: July 8, 2026 at 2 pm EDT In this webinar, speakers will share key insights from the report, including why today’s threat environment demands greater maturity and how to evaluate your organization’s current security posture.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • SEC_Web_5Minutes Bovee.jpg

    The top challenges CISOs face in identity security

    See More
  • opt out easy carnegie mellon

    New plug-in allows consumers to “Opt-Out Easy” of websites’ data collection

    See More
  • technology-data freepik

    Cloud-based computing – Data collection and forensic investigation challenges

    See More

Related Products

See More Products
  • Hospitality Security: Managing Security in Today's Hotel, Lodging, Entertainment, and Tourism Environment

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • CASP.jpg.jpg

    CASP+ CompTIA Advanced Security Practitioner Certification All-In-One Exam Guide...

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing