[dispense]

How about not requiring personal data when it's necessary anyway, and removing it as soon as it isn't necessary anymore? If I buy a LaCie drive in a brick-and-mortar store and I pay with cash, there is exactly none of my personal data there to be stolen. I don't see why this shouldn't apply to my online purchases. In fact, I'm quite annoyed that it doesn't apply at all.

[rhizome]

There's a middle ground where custodial responsibilities are legislated, where the customer retains property rights in the information collected by the company and thus provides a cause of action if the company fucks up.

[wdewind]

Because the next time you'd want to shop with that store you'd need to fill out the profile again. This kills the conversion rate.

It's a security/UX tradeoff.

[dispense]

The minor inconvenience of re-entering my shipping data every time clearly outweighs the possibility that some crime syndicate gets their hands on my personal data. At least for me. I would appreciate it to at least have the option to not create an account when I make a purchase. I've seen too many data breaches to have much confidence in the security of the majority of webshops. The only secure safeguard against theft of personal information is to not have it stored in the first place.

[cordite]

This seems like the perfect place for payment processors to exist, like PayPal and google wallet or whatever ones out there you'd like to use