It seems to have become the default position to obtain your personal information whether websites need it or not. It is impossible to get past the landing page on some websites without registering and providing your details.
We were looking to provide a room for uni student accommodation. We contacted a large Australian organisation that does this to ask if what we had was suitable. They would not provide an answer unless we registered, so we had a look at the online form they had on their website. The questionnaire was quite intrusive, and asked for details they had no need to ever need to know. They also wanted our bank details, drivers licence numbers, etc, etc. And they weren’t using https either.
I rang their local director to discuss this overreach of data collection at just the early inquiry stage. I was told that they would not proceed without this information. So I asked about the security of their data and their facility. The director told me that within their organisation access to the data was restricted on a need to know basis. When I asked whether the data was encrypted, or and what security there was on the data servers, she repeated the previous statement. In other words there was no security and our enquiry about letting the room stopped then and there.
I can understand that at some point it may be necessary for sites to get your details such as if you are actually buying stuff, but I disagree with that data collection as a ‘toll’ you have to pay to just to get onto the site or get a $ price.
I think there is a need to extend data privacy laws to restrict personal information collection by businesses and web sites to a verifiable needs basis.
Perhaps with less unnecessary data collection, there wouldn’t be so many breaches and/or the quantum of data stolen would be significantly smaller?