10 to the 23 AI logo

Practice Library

Governance patternstructural

Data minimization

Write less and keep less: the least data that does the job is the least there is to leak, to contaminate, and to purge later.

What it changes

dampenedAdopted failures documented into records(less written into the record)
dampenedFailures written directly into records(machine writes bounded and aged out)
dampenedClient data sent to an unsanctioned tool(less identifiable data on hand to paste out)

Who can pull it

Data-protection officerDeploying organizationHarness builder

What it looks like institutionally

Every field written and every record retained is a liability with no expiry: it can be adopted as fact, retrieved into a model, replicated to a system nobody is watching, or pasted into a tool nobody vetted. Data minimization treats the record itself as the attack surface and shrinks it — collect only what the task needs, write only what must persist, and age out what no longer earns its place.

In a sociotechnical deployment this is not a one-time schema decision but a standing discipline on the write edges: what the model is allowed to commit to the record, what a worker documents from an AI draft, how long either survives. Bounding those flows lowers exposure everywhere downstream at once, because there is simply less identifiable material in motion — less to read and believe, less to retrieve back into the model, less to carry out of the building under time pressure.

The person who owns this is typically a data-protection officer: an accountable role scoped to the systems holding personal data, empowered to say what is written and kept and what is not. National-survey findings put the demand squarely here — concerns about client data privacy and security are the profession's most-reported barrier to AI use, and stronger privacy and confidentiality protection is the single most-requested improvement to the tools.

The discipline it must never collapse into: deleting records blind to buy the appearance of safety. Removing content by volume rather than by what it contains can strip the benign material that was diluting the harmful, and a documented PAN-run scenario shows exactly this backfire — the contaminated share of a record system rising after a content-blind purge. Minimize what is written and how long it is kept; correct what is already there by content, never by panic.

Addresses: Unsafe data flow / privacy & confidentiality · Contaminated records read as fact · Data pasted into unsanctioned tools. Test a version of this lever in the PAN Lab.

Deciding whether this lever fits your deployment?

Which patterns matter — and in what order — depends on your system's actual shape. Ranking your options on evidence, with what can backfire stated, is engagement work.

Sources & Evidence

Claims made on this page and what supports them. The full registry lives in Evidence.

ScenarioIn published PAN runs, content-blind record removal raised the contaminated share of the record system by stri…

In published PAN runs, content-blind record removal raised the contaminated share of the record system by stripping benign dilution; only content-aware decontamination reliably reduced it.

Illustrative PAN-run result: PAN Governance Lever Audit ('content-blind levers backfire'). Direction-and-shape only — not a calibrated prediction for any specific deployment.

EmpiricalIn the same national survey, concerns about data privacy and security were the most frequently reported challe…

In the same national survey, concerns about data privacy and security were the most frequently reported challenge to using AI in practice (46.5% of respondents), and an increased focus on client privacy and confidentiality was the most requested improvement to AI tools for social work (50.4%).

borah2026bAcademic

Borah, P., & Landers, G. (2026). AI and social work: A national workforce survey. Steve Hicks School of Social Work, University of Texas at Austin, in partnership with NASW.

Appears in: 1023AI authored research

Topics: social-work