Collecting only the data necessary to meet objectives is the best approach to minimize privacy risk when collecting personal data. This is based on the principle of data minimization, which states that personal data should be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. Using a third party, collecting data through a secure web server, or aggregating data immediately may reduce some privacy risks, but they do not eliminate the possibility of collecting excessive or unnecessary data. References: CDPSE Exam Content Outline, Domain 3, Task 3.2