Here is what I find funny about this and other threads that are similar in nature (re: invasion of privacy; ID Theft etc)
Lets assume a non-PAL related purchase:
The buyer is willing to provide plenty of information about him/herself to start with (Name, address, phone, email) as well as Credit card information which I will assume includes CC #, expiry, and CVV # on card back. If I was in the ID theft racket, I now have all I need. I don't need your PAL and DOB to take you to the cleaners. And you willingly send all this via email (and/or via phone)
My thinking is "I either trust this vendor or I don't" I either believe they and their employees will protect my confidential information or they wont. If I think they will, I supply it and buy. If not, then I don't. Simple as that.
But there is no need to get all hot and bothered and start threads about vendors because of my (or your) paranoia.