AAISM guidance highlights data minimization as a critical practice for addressing both security and privacy concerns. By ensuring that only the minimum necessary data is collected and retained, the organization reduces the risk of sensitive information being exposed or misused during training. Data augmentation expands data but does not mitigate privacy risk. Classification organizes data but does not limit exposure. Data discovery helps locate sources but does not directly reduce risks. The control that directly aligns with privacy-by-design principles is data minimization.