Data retention policy for Google..

Recently Google defended its data policy after EU reported that Google retained user data for up to 6 months. It is doubtless to argue that such arrangement was not appropriate as no regulatory requirements are allowed to store user information up to 6 months. What is the impact if Google really wants to store user data up to 6 months? To me, there is no impact if cautious steps are taken. Many times, we as novice user of the Internet can do a lot more to prevent major incidents ( for example, data thief etc over the Internet) by practicing due diligence. What I normally do when I surf the internet is the following to prevent my subsequent worries:

1. Do not use the same password as the password used for your ATM cards when sign up free services or membership over the Internet. You will never know when these password are available easily to the bad guy next door.
2. Do not reveal credit card information if the site is not secure. (Secure means at minimum, they have valid SSL certificate and it is established domain).
3. Do not reveal too much personal data ( your bithdate, handphone, address ) in public forum etc. They are good source of password attack.
4. Change your password at least quarterly to ensure if someone is guessing your password. Use at least 12 characters with mixed alpha numeric.