When I was in college 12 years ago(!), we were in a class discussion about how a lot of government websites (and private companies) seem to ask for a lot of information: Social Security Number, Birthdate, Address, First and Last Name, Mother’s Maiden Name, etc.
This was data that we knew to facilitate identity theft. My CIS professor said something that has stuck with me all these years:
If you don’t store something, it can’t be used for nefarious purposes.
Every piece of data you store is a piece of data that can be used against your customer. It can be misused by well-meaning government agencies, identity thieves, and even your own business.
Do you really need to have all that information you store? Do you really need a list of IP addresses from a user? Do you really need their full name, their mother’s maiden name, and their address? Do you really want to mail them information?
If you want your users to trust you, you have to earn that trust. It starts with a simple question:
If you were in your customer’s shoes, what information would you consider essential for a product or service?