A data-protection baseline that starts with collecting less.

Collection should stay proportionate

Wiyc’s public sites should ask for the minimum information necessary for the specific purpose of a form or interaction. Data collection should not expand by default just because infrastructure makes it easy.

Retention should have a reason

Collected information should only be retained for as long as there is a legitimate operational reason to keep it. The point is to reduce unnecessary persistence, not merely document it.

Systems should remain inspectable

As shared services like forms and waitlists grow across Wiyc entities, the supporting systems should still remain legible enough to audit, reason about, and improve without losing track of what data lives where.