You may think I'm going around in circles again, but whenever I fill out a form for an insurance claim, at the bottom it says “You hereby authorize us to send all information” to whoever the hell they want to send it to. I always strike it out and say “all relevant information”.
There are several principles we privacy types are pushing. I want to emphasize that I'm a privacy pragmatist; I'm not a privacy fundamentalist. But I do care about privacy. Those are nice distinctions.
Under the “necessity” principle and the principle of data minimization, you should be collecting personal information only because you need it. It's much too easy to fill out a form. There could be 40 boxes on an electronic form, and the thought is to fill them all out because the information may be needed some day in the future.
If there is a reason for it, I have no problem with someone collecting it. We always watch, for example, people collecting information. Imagine if you went to rent a car and someone had a form at Avis asking for your sexual preference. Huh? Duh.... I see forms collecting information on the religion of lottery winners. What does that have to do with it? Are people going to be smart enough to say, “You can't ask me that. Give me my $10,000 or million dollars”?
This is the kind of stuff that's going on. So we have to put in a “necessity” principle. We have to minimize data collection. We should have to give out as little personal information as possible to do the job when we fill out a form electronically or on paper. When you see things that are asking for a social insurance number, why do they need that?