This is a good point. I often "misspell" private information if its not an official form. If someone had more motivation, they could do a "different-secure-number-per-provider" trick and work out who leaked the information.
That's a good idea. I also feed fake data to those "extra-official" enlistments. But never thought about keeping a control to discover the responsible for the occasional leak.
In Brazilian drugstores, there are legitimate situations where they actually need your data, e.g., when you need some injectable medicine. In such cases, they need to send an official notice for government control, BUT they also ask you for an original document.
P.S.: one might argue that government shouldn't have access to data about injectable medicines you take. Personally, given the severe situation regarding drug-abuse of countries like ours, USA and others, I see some valid motivation in such tight controls.
