# undermanager: Three things about data

> Data is a risk. Data is distracting. Critically analyse all external data that you hold. Do you really need it?

Great post by Russel Davies at undermanager: '[Three things about data](https://www.undermanager.com/three-things-about-data/)'.

> <span class="h2-emulation-in-blockquote">Gather less of it</span>
>
> a. Data is a risk. Every bit of data has to be managed/looked after/cared for. That costs time and money. And most of it is useless.
>
> b. Data is distracting. Most of it is just noise. You're gathering it because you can, just in case, because it seems valuable.

I couldn't agree more. This was the root cause of [my data leak](/blog/0186/) the other month, and is a pattern I've come to recognise over the years. We assume that more data is better. And in the past that might have been the case.

But the landscape has shifted. The risks are greater. How about this doozy from Krebs on Security today: [CISA Admin Leaked AWS GovCloud Keys on Github](https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/).

> "Passwords stored in plain text in a csv, backups in git, explicit commands to disable GitHub secrets detection feature," Valadon wrote in an email. "I honestly believed that it was all fake before analyzing the content deeper. This is indeed the worst leak that I've witnessed in my career. It is obviously an individual's mistake, but I believe that it might reveal internal practices."

**Critically analyse all data that you hold**, especially if it identifies your customers. If you don't need it, purge it. It's time to start shifting our habits away from collecting this stuff in the first place.

There's a lot more in Russell's post. Worth a read.