I think there are two key aspects to data breaches; privacy and fraud. The solution for the latter is simple; the liability is on the organisation that uses that identity data rather than the one that stores it. If the bank lends money to a criminal using my data, that's on them. I see no reason why any of the random bits of data that identify me should be of any use to someone else claiming they are me. These things shouldn't be considered secrets as they're always shared with at least one other party.
Just this would reduce the value of obtaining such data.
The privacy aspect is harder to deal with, but it's not obviously clear that a majority of people care. GDPR helps focus minds in large corporations s and maybe that's enough.
Just this would reduce the value of obtaining such data.
The privacy aspect is harder to deal with, but it's not obviously clear that a majority of people care. GDPR helps focus minds in large corporations s and maybe that's enough.