Who has your personal information? Discrete data vs. aggregate data

As the national discussion about the NSA domestic spying program evolves, one common refrain I hear from defenders of the program is that we share all kinds of our personal information with strangers all the time.  This reasoning misses the distinction between discrete versus aggregate data.  It is true that Amazon.com knows what books I buy, Zappos knows my shoe size and color preference, AT&T knows who I call and for how long, DMV has my driving record, the IRS has my income, my grocery store knows what I buy and when I shop, and so on.  So what's the big deal if NSA has this information? 

Yes, we willingly convey a lot of our personal information to total strangers and corporations.  But the essential point is that discrete entities have different pieces of our personal information.  NSA apparently has our phone records, internet browsing history, Youtube viewing/posting record, and Facebook records.  The fact that we don't even know what information of ours NSA does and does not have is a huge part of the problem.

The violation of privacy comes when one organization or entity, in this case the NSA, is able to, without oversight (since the  other two branches have rubber stamped the policy), collect aggregate amounts of our private information, store it indefinitely, and for unknown uses.  Right now, most Americans have given their consent to the specific corporations and government offices that they do business with to have access to slices of their personal information.  They did not consent to hand over large swaths of their private information to be collected, viewed, and stored by one entity.

I'm not even going to get into the security risks of concentrating such in depth portraits of each person in one database.  If Chinese hackers can hack into Pentagon databases and steal prototype weapons designs, how confident are you that NSA can keep all your data safe?