You can claim that your security policy has never been breached, as long as your policy is to not check security.
Yesterday was January 28, and while some of you might connect this date with German Emperor Henry IV's Walk to Canossa, the first publication of Jane Austen's classic Pride and Prejudice (now available with Zombies) or the Space Shuttle Challenger Disaster (and the brilliant analysis of its origins by none other than Richard P. Feynman, one of science's greatest communicators), or any other occurrence in history, it is also, since last year, Data Privacy Day.
I observed this day by compiling a list of websites and services that I use more or less regularly, and what they know of me.
My old university knows my name, date of birth, academic performance (obviously), place of residence, etc., but also a lot about the books I read and could possibly intercept my e-mails. It also knows two of my passwords, for the e-learning service and the mail login.
My local library knows my date of birth, place of residence, books I read, and one password for online services. The German Red Cross knows about my health and blood type. Martin knows my full name, and my alma mater, and everyone who reads this blog knows that I'm from Germany and have a Master's degree in History and English - and also that I'm a geek.
Similar stuff is probably known about me on the badscience.net forums (even though I don't post there often). AOL knows one of my passwords and can possibly see what I chat about with some friends, and who those friends are. Valve knows one of my passwords, and how often I play which one of their games. My ISP knows one of my passwords, too. So do three or four other sites I visit about once a month.
But these are basically all the websites and services I have some kind of "traceable" (other than by IP or similarly more low-level) connection to. I don't have a Facebook account (nor one for any of the many, many "clones"). I don't twitter. I don't geotag my personal photos and put them on the web via Flickr. I don't have a YouTube account. I don't have a Google account, either. I use Ubuntu and Firefox, blocking (potentially harmful) ads and scripts, and I automatically delete all my cookies every time I close Firefox (Update: I might still be traceable, though). I don't have a mobile phone contract, but use a pre-paid. I don't have a smartphone and don't use the internet-on-the-go. I don't have an app for that. I don't have a credit card. I'm not listed in the phone directory. I don't participate in marketing competitions. I don't buy on Amazon or eBay. I don't have a PayPal account. If I comment on blogs or news articles at all, I do so as an anonymous coward - even on websites I read regularly or daily. I don't have a Wikipedia account (anymore).
I have about half a dozen different passwords, with varying complexity and for varying purposes - mail account, blog, what have you.
Some people might call this paranoid, but is it, really? I know that some other people only use the internet via an anonymous proxy, encrypt all their communication and hard disks, and do not own a mobile phone at all. Extreme? Well, yes. But also pretty secure...
I encourage you to take stock as well: Who knows what about you? Are you satisfied with the dissemination and proliferation of your data? Get educated and think about it - and maybe do something about it. But at least be conscious of the risks inherent in giving data away.
History only repeats itself if one doesn't listen the first time.