Last week I talked about personally-identifiable information (PII) in the context of a data breach. It reminded me of the three questions I always ask in relation to PII: Do I need this PII? It’s impossible to leak data you don’t hold. Is my collection, holding, and processing of this PII legal and responsible? This includes requests to have said data removed. Am I transparent about what PII I have collected? These should be simple to answer. If you run a business and they aren’t, con...