Sometimes, we may tend to try to help people as much as we can. Doing so, sometimes we share more information than necessary. That should be avoided. Always make sure the person is authorized to know that information ere sharing it with him or her.
Transporting data in a not encrypted way may cause the data leaking to third parties. It should be avoided by enabling secure and encrypted communication and transport in an as easy manner as possible or feasible.
Always make sure you do need the data you collect. Never collect unnecessary data "just because". Instead, minimize the data collected as much as possible.
There may be changes that may also have implications on what data is collected for what purpose and processed by who. So, changes and their implications should be logged. It should always be communicated to or through a central group or person that keeps track of data collection and processing.
Principles inspired from "THEY DID WHAT?" by Chris Pahl, published by the International Association of Privacy Professionals (iapp)