When it comes to collecting data, and specifically our personal data, when is too much enough? This reminded of the lyrics and title from the 1978 Tom Petty and the Heartbreakers hit - Too Much Ain't Enough:

You got me on the line
Now tryin' to call your bluff
But you just won't be satisfied
Too much ain't enough

This came up in conversation recently at the board meeting of a "connected homes" start-up I'm involved with. You see, through smart sensors and apps, we'll have the ability to capture all sorts of data but the key question was "what should we collect?"

It got me thinking about a study conducted by the German motorists' organisation ADAC in late 2015 which found that in addition to distance data, driving modes, engine revolutions and so on, a BMW 320d was being used to collect a whole lot more. The car was transmitting all keyed SatNav destinations along with other personal information such as contacts synchronised from mobile phones. Now why would BMW need my contacts?

Do you know what data your car is capturing and transmitting? Perhaps you should. It's not like you have any control over its network security. So what would happen if your data was compromised - after all you approved the sharing of your personal data via your car - didn't you?

And from April 2018 all new cars will have to be fitted with eCell, a system that sends the exact location of a vehicle to emergency services in the event of an accident. Of course, to do that it needs an "always on" mobile data connection. Now, I wonder what your friendly neighbourhood marketing director might want to do with that?

As the current IoT wave continues to gather pace, more and more of our lives will become connected to faceless corporations who will suck up our data at the first sight of a mistakenly unchecked opt out box. So whose responsibility it it to guard our privacy or make sure companies "do the right thing" with our information? Surely it can't be us? We'd sign our lives away for the simplicity of a one click sign-on to the latest messaging app - we have proved we can't be trusted.

For years we lived by the maxim caveat emptor - buyer beware - until consumer rights came along to protect us from unscrupulous behaviour. I wonder what the equivilent will be in the data world because it seems that nowadays, not only do we we have to be protected from ourselves, but we also have to be protected from the things around us. Perhaps it's time for the CIO to step into the whole data collection debate and ask the question no one else seems willing to tackle; in a world where we can collect everything, what information "should" we collect to retain the trust of our customers. I mean, the "I" in CIO is information isn't it?