Theresa May has refused to say whether Britain's security services are accessing medical records and other potentially sensitive information.
The home secretary said she did not want to "go down the route of giving information about the sort of data sets that are being acquired".
She was speaking to the draft Investigatory Powers Bill committee.
It was revealed last year that GCHQ is downloading large amounts of personal data to aid its investigations.
It could include the personal details of "a large number of individuals, the majority of whom will not be of any interest to the security and intelligence agencies", according the draft bill.
The information from these "bulk personal data sets," which could include everything from the electoral register, supermarket loyalty schemes or bank records, is then analysed to enable investigators to "join the dots".
The practice is covered by old legislation and has never been debated by MPs.
Theresa May is promising new safeguards over the use of the powers, including six-month warrants to access data, and judicial oversight.
She said the security minister, John Hayes, had written to the committee of MPs and peers scrutinising the draft bill to give the reasons why the government did not want to reveal the kinds of data investigators were accessing.
She insisted the practice - and the sweeping up by the security services of large quantities of internet traffic passing through the UK - did not amount to "mass surveillance" as civil liberties campaigners claim.
"The UK does not undertake mass surveillance," she told the committee.
The government's anti-terror legislation watchdog David Anderson is set to warn in a report that Ms May needs to come out and make the case to MPs and the public for the bulk collection of data.
If the government does not do this, it risks the practice being outlawed by the European Court of Justice, he is set to warn.