@jrose @steve @griotspeak I think we’re all dancing around different sides of consensus here: sometimes data collection is necessary; unnecessary collection and unnecessary retention both create risk; sharing should be tightly regulated.
I’d add that my view that accidental sharing — i.e. getting hacked — should carry hard-to-avoid liability. I want insurance companies on corps’ cases about what data exists & for how long.