[dandermotj]

In the EU we have the incoming GDPR to legislate for (and penalise) data breaches like this. This directive is very clear and detailed on how data should be collected, securely stored and disposed of. US law is a decade behind the EU.

[mtremsal]

To be fair, the GDPR extends to any company that processes personal information from EU subjects. It is raising the bar for most US companies.