UK organisations should keep data collection to a minimum to reduce the risk of contravening the Data Protection Act, says the Information Commissioner's Office.
"If you haven't collected it, you can't lose it," Dave Evans, senior data protection practice manager at the ICO told the Inbox Out conference in London yesterday.
Good data protection practice means collecting only data that is absolutely necessary, he told mainly e-mail marketing practitioners at the electronic messaging conference.
"Anyone signing up to online services such as newsletters should have to answer only the minimum of relevant questions," Evans said.
He cautioned that asking for more information than necessary could also make people suspicious and have a negative effect on their confidence in an organisation.
"Independent research for the ICO has shown that 85% of people in the UK avoid giving personal details wherever possible," said Evans.
The number of people who are concerned about the protection of personal information has increased 34% in the past year, he said.
"Customer confidence is easily lost," warned Evans.
Businesses should therefore avoid using personal data for any new purpose that would not be expected by the individuals involved, he said.
"Organisations must be clear and honest about how they intend to use personal information when collecting information and stick to that commitment," said Evans.
Similar guidelines apply to tracking people's online behaviour for marketing purposes, he said.
"Collection and use of such information can be done only with consent of individuals involved," he said.
Organisations using this marketing strategy must tell online users what they are doing, give them the choice of opting out and must respect that choice, said Evans.