Re: Sensitive by default
@JustaJKOS "to ensure that it does not end up in the wrong hands"
Nope, you've missed the point.
Classifying "Sensitive" data is about WHO should have it and process it, not about how it is kept secure. Classifying data as Personally Identifiable Information (PII) is about HOW it should be stored. Sensitive is a subset of PII.
Name, Address, DOB and sexual orientation are items of PII data, but not all record holders need to process all those items, and each must justify WHY they need to hold it. El Reg profiles shouldn't need to have your sexual orientation, but it might be considered important on a dating website. BOTH need to ensure ALL the PII is held securely. To oversimplify, the theory of "Sensitive" is that it's the stuff you could be blackmailed or discriminated over ("we don't want Union Activists working here").
Totally agree with your last paragraph - too many people don't take PII seriously.