How much of that personal data was needed? That's actually needed as opposed to "needed" because someone wanted it.
For instance if the business is providing company credit cards why should they need employees' credit card details? I'd like to think that at some point the penny will drop and these businesses will realise that all that "valuable data" they've been hoarding is really toxic waste.
Biting the hand that feeds IT
