The principal problem..
.. is that companies tend to horde data, but not the time it was collected. No, really. The only thing they do is collect, collect, collect - but never expire, because that was not part of the original design. I get email on accounts I have not used in years.
The result is a forever growing mass of out of date information which makes a mess. Personally, I think it should become law for data to expire after x amount of years. No idea how many, say 5 (as crime seems to expire along that time, might as well use a common value). Want to keep it longer? Give a damn good reason, and get permission from the subject.
I can see situations where this is not possible, like police databases, but I think they have other problems to clean up first, like illegally holding on to DNA data when there is no evidence of a crime, and, in a twist worthy of Kafka, use your presence in that database as a sign that you're up to no good. No wonder the EU told them to stop this - which they're happily ignoring.
Oh, and while I'm at it, it's ll jolly well stating that "it ought to be so", but the Information Commissioners Office had its teeth pulled under New Labour. Unless they get some powers to kick the crap out both business AND government when they get it wrong I see no reason to realistically expect any change. Would you, given an option between a light fine and expensive business change?
Yup, thought so.