So many times we go to do something online and we are asked for all sorts of information. Let’s think about this in two buckets: What does the company or organization actually NEED from you to conduct whatever business you are doing? And what else are they asking for? For most things, when you get past a name and email address, you’re pushing it. Why do you need my mailing address? My phone? My exact date of birth?
And then when you layer in the security questions that more and more sites are employing, we’re getting over the top here. I mean, security questions for a banking web site or something similar? Sure, absolutely. But when we see them for sites where the business or transaction we’re conducting is just not that big of a deal, we are entrusting others without a compelling need to do so, with the very data that can be used to steal our identity.
Companies need to look inward and ask themselves whether they really WANT to be responsible for that level of personal detail. We all know that much of the information collected is purely for marketing, whether internal or to be sold. We just sort of accept it as the price of modern life and convenience, and move on.
But I would flip this around and argue that companies should protect themselves from the data piracy that is rampant these days. If you don’t have the data, it can’t be stolen, and you won’t suffer legal ramifications or a consumer backlash. Reputations matter and you don’t want to be the site people don’t trust, no matter how noble your cause, or how stellar the quality of your product.
So take a breath, get your marketing and IT people to dial it down a bit, and just don’t ask.