I understand what you are saying, but I ask again - apart from that email, have ever suffered any loss? Unfortunately, email addresses/passwords do get hacked, but as you found, these are often from long-dead sources, and of little use. Did the organisation you used that email/password combination for suffer an attack?
I use online banking, and have done for many years, with the same bank, branch and account and never had any problems. I also use online shopping quite extensively, so have accounts with a large number of companies - again all without issue for a long time.
I too use my debit card for the majority of 'real-world' purchases too - again without any issue and I have no unwanted attention from any of the establishments I have used.
If I encountered the situation you did at the Midland Hotel, I would ask why they needed it, then politely decline to supply it.
Yes, I suppose your personal details are 'out there', but have you, or anyone you know personally , ever actually suffered loss?
25 years on, I have never had a real problem - yes, the occasional spate of dodgy emails from sources using random snooping techniques, but they are so obviously fake they get ignored - not even retrieved from the server.
So again - have you ever been a victim?