It's a bit like keeping money... You can stash it under your mattress, hoping you'll never suffer a burglary; or you can give it to a bank, and let them spend money on security and insurance.
This said, banks have specific fiduciary responsibilities and the above-mentioned insurance, which compensate for the big target they're painting on their own backs; whereas most tech services, even massive ones, tend to hide behind service agreements boiling down to "eh, if it happens it happens, nothing we can do, sucks to be you". Unless they're in healthcare, they're barely required to disclose whether they've been breached, let alone compensate us for the loss of privacy and increased risk of identity fraud that we endure.
Maybe it's time for the legislator to define "personal data providers" a bit more rigorously.
>and increased risk of identity fraud that we endure.
The problem is even worse than that. The whole framing of the issue of identity theft as a thing that happens to a person rather than a bank is problematic. That the bank issued credit in my name to someone other than me really should be entirely their problem, not one that probably messes up my life for years.
This said, banks have specific fiduciary responsibilities and the above-mentioned insurance, which compensate for the big target they're painting on their own backs; whereas most tech services, even massive ones, tend to hide behind service agreements boiling down to "eh, if it happens it happens, nothing we can do, sucks to be you". Unless they're in healthcare, they're barely required to disclose whether they've been breached, let alone compensate us for the loss of privacy and increased risk of identity fraud that we endure.
Maybe it's time for the legislator to define "personal data providers" a bit more rigorously.