A recent article on Krebs on Security described the (largely legal) method by which credit rating giant Experian allowed some 200 million US consumer records to be purchased by a Vietnamese man running an online identity theft service. From the article, it's plain that there's something rotten in the state of Denmark, so to speak. With free email services able to access and read your email, and the often cavalier attitude of companies after the fact when privacy breaches are discovered; they say "Sorry. Your information is important to us. Now, here is a year's worth of credit monitoring, and please go away." There don't really seem to be any real consequences, though (other than to us hapless masses).
A comment after the Krebs story caught my eye, and actually sounded like it could be an answer. Now, I have no legal background, and have no way of knowing if this is even possible, but it makes sense to me.
Commenter SMERSH said:
Now, SMERSH quickly discounted his own theory in a self-deprecating way, but my gosh, does that - or something along those lines - not sound like something that might just work?Individuals should have internationally-recognized automatic copyright over all their personal data with reverse onus of proof – anyone has my data they must prove they have my explicit and informed permission. Criminal penalties apply.