Companies, organizations and sometimes even government agencies have been careless with the personal information they have traditionally collected. In their defense, personally identifiable information, sometimes simply called PII, wasn’t historically much of a target for hackers and criminals.
http://feedproxy.google.com/~r/Securityweek/~3/rwTPdc0pdV4/how-gdpr-unintentionally-driving-next-decade-technology
