Which principle requires agencies to only maintain PII that is necessary for a legally authorized purpose?

The principle that requires agencies to only maintain personally identifiable information (PII) that is necessary for a legally authorized purpose is minimization. This principle aligns with the data protection standard of limiting the collection and retention of PII to what is strictly necessary to fulfill a specific purpose, ensuring that unnecessary data is not held or processed.

Minimization protects individuals’ privacy by reducing the risk of exposure or misuse of their personal information. It emphasizes that organizations should regularly evaluate their data retention policies and processes to ensure compliance with legal requirements while also safeguarding individuals' privacy rights. This approach instills responsible data management practices and upholds the integrity of data protection standards.