Collection Limitation refers to the process of limiting the information collected. This should be done in accordance with a data minimization principle, which states that in order to comply with privacy laws, organizations should only collect data that is needed for their activities and no more than necessary.
Data minimization can help organizations manage their risks. For example, if an organization collects too much personal information about its employees or customers, it may be vulnerable to a data breach, cyberattack, or other privacy incident because all of this personal data must be protected from unauthorized access.
Furthermore, collecting more information than necessary increases costs for storage and retrieval of data by requiring more resources and time invested by employees.