Personal Identifiable Information related to Employment

In my personal / social (nonexistent) life I practice all the normal privacy and security practices. People often say they have to break these practices for work. Explaining how I handle work life should shed light on how I can improve privacy and security at work.

Pre-employment

From a legal aspect of employment in the USA, my employer has a copy of my Social Security card and a copy of my state-issued driver's license. The driver's license copy they have does not have my current address. Let's just say I moved. Other than employment history, they do run background checks pre-employment and I have no idea what they have collected. This covers pre-employment; having a valid (or not valid) unexpired driver's license with an address where you do not live works for me. The company should never require that I provide these two pieces of PII again: once and done.

Work related mail

All general mail from the employer (new hire packets, etc.) which you cannot opt out of or go paperless on is sent to a P.O. Box in the town where I work, in a zip code with which I am not associated except by this P.O. Box and work. After the first month and going paperless, the mail is drastically reduced. Depending on your benefits, some documents must be mailed. There are guides out there on setting up P.O. Boxes and mail drops privately. I chose a P.O. Box for long-term stability. Mail drops and using friends' and family's mailboxes may work for you.

My employer allows me to change my mailing address through a human resources website. Changing this address changes all mailing addresses for company-related documents. This address shows up on my W2 form for taxes, so that is another reason to use a P.O. Box. The W2 is set for paperless; hopefully you have this paperless option.

Health Insurance

Health insurance is a huge benefit, and HIPAA seems to clearly define what they can get away with. My company policy is to use the mailing address which I can edit on the Human Resources website.

What information your medical provider requires can vary greatly. You may share more accurate information with your primary care provider, and less (and false) information with a one-time-use medical provider, such as a 24 hr emergency medical center or out-of-network care.

Being prepared to fill out a form every time so they can update their records is beneficial, as you can change your information at this time. Nowadays you will get text messages for appointments, surveys, etc. Yes, have a burner number and alias email address for this use case. They will confirm a mailing address, usually the one on my invalid unexpired driver's license which they ask for, and will freely change it to a different mailing address. I'm not lying when I say that is not my current mailing address. 🙂 You need to be prepared, or learn from your failures, before you walk into a doctor's office. If you're one of the "you should not lie to your doctor" types, you should consider who you trust.

Other financial benefits mailed

Life insurance, retirement programs, etc. may have documents that are required to be mailed. The last document that I received was a beneficiary change on my life insurance, for example.

Company Email

Everyone is going to have a different use case for company email. Compartmentalization should be considered here. If you can't isolate, then bundle. As an example, my employer-sponsored 401k is linked to my company email.

A primary care physician's office does not get my company email. I do not want any correspondence from a doctor accessible by the company.

I cannot easily change my company email. I'm stuck with what I've got, so consider long-term issues.

The company email format is preferredname.lastname@company.com. This might not be an option for you, but I set my company email up with an abbreviation of my middle name. I don't use that name at work, and only a couple of coworkers have asked why that name was used. They know me by my legal first name. I do not use my legal first name in real life.

Mobile Phone

By my contract I have to provide my employer a phone number. It does not have to be a cell phone number. Some of my coworkers still use a landline. After settling in from getting hired, I changed the phone number which was on my resume. Just adding this note: the email on my resume is not used anymore. It was a Gmail account which I have not deleted, so I can monitor it and protect against someone recreating the account.

The company did not validate this new number. The next time I get a new number I will not make an effort to update it. The only consideration is SMS 2FA for resetting a password, which I have never used; I use a SimpleLogin alias email for account recovery.

My coworkers contact me on my phone, and I send pictures for work reasons. My primary phone is a Pixel with Dual SIM Dual Standby: the contract number is for internet, and a prepaid number is for text and talk. There are a handful of people that have my contract number.

My coworkers get my prepaid eSIM number, and SMS is the only text and picture sharing option we use. I have shared an invite to use Signal, and less than 10% have created an account. None of my coworkers send me anything on Signal. Granted, almost all of our conversations are logistical, work-specific conversations.

As of now I plan to get a new eSIM number annually. One work-related contact who is a company-preferred vendor has this eSIM number. Other than that, it's used for friends, family, and a few trusted long-term accounts like Signal.

Home Address

As mentioned, my actual home address is unknown to my employer, but some of my coworkers know where I live. The ones that do know where I actually live also know I own multiple homes, and consider that on my days off I may be at any location. My family members are involved with the community, so there is an association back to myself which my coworkers are aware of. My family and I do not live in a bunker, but these precautions do isolate my personal information from my work.

Payroll or Direct deposit and personal banking

I use one bank for direct deposits and transfer those deposits to a different bank that does not charge for transfers. This is an old concern that the company can pull money out of your account if you're overpaid. I simply do this to separate my checking and savings accounts. I have a separate bank just for a mortgage.

What is the actual threat?

My employer was attacked by ransomware a year before I was employed. They will be the first to state they are not liable for any data leaks.

In some terms of service which I did not read (it was a matter of employment, and it was very important that I sign at the time), I agreed to them sharing more than I want.

Recently I received an email from Hinge Health on my company email. I did not see any PII in the email. I contacted Hinge and asked what the purpose of the email was, and played dumb by asking if I owed them any money. I do not know if they know who I am, other than as one of some employees of my company. The HR dept. would not know what I am talking about or why I am concerned. I would be raising a red flag by talking about it.

One of my coworkers needed a proof of employment statement from the company. The HR dept. referred him to an employee verification website. He told the company the bank did not have access to this service and worked around this issue. The employee verification website is a part of Equifax, and we all should know of the Equifax data breach. Once again, I did not realize I was giving my personal information to a third party or trusted partner of my company.

As long as the company is not liable for my privacy and security, it is my problem and my responsibility to limit what they know.