Sometimes I feel like a paranoid weirdo emailing companies to delete my information. Sometimes I'll even have to be a bit forceful and put pressure on them. But when even the big guys like Volkswagen can't properly protect PII, how can a little online shop?
I’m not sure that size matters. I think what matters is if the company cares about protecting your data and why it’s needed.
I don’t even think it’s difficult to protect the data of your customers.
Sure, being immune to any targeted attack is really hard, but not being an easy prey is just about caring a minimum about your responsibilities and thinking about what should go where.
From my experience, when marketing department enters the game, that’s when it becomes hard because they just don’t care about the data they hold. It’s just random excel files and numbers that they work with.
In big companies this data tends to be spread around in tens of databases managed by a lot of different teams spread across the globe. And they're a big target for hackers. I'd rather trust the little online shop using some off-the-shelf webshop solution.
I honestly don't know how many times my data has been stolen from various entities. The biggest/most important was the OPM breach, but there have been so many more that I legit don't know the number of times and would have to paw through a bunch of records to find out.