The identity theft of 26 million U.S. veterans and spouses has sparked debate and numerous investigative meetings. That significant data breach will cost us taxpayers over $100M to notify the affected parties and offer credit protection against potential abuses.
You might be thinking that this compromise of privacy information is a rare occurance or a red herring but in fact, this is merely the latest and best publicized incident in recent history. To get a better view into the number and frequency of compromises look at the record and chronology of these events at http://www.privacyrights.org/ar/ChronDataBreaches.htm
Furthermore at the time of writing, the www.privacyrights.org hadn't yet updated to include this latest faux pas.
When will organizations get serious about security? Who knows? Unfortunately, it often requires unfortunate incidents like the Veteran's Administration debacle to spur change. I'm not usually in favor of legislating our way to security but laws like California's SB 1386 legislation need to become nationally adopted. SB 1386 holds companies legally and financially responsible for communicating to customers should information held or stored about any California resident be violated. It's created the necessary incentive for at least some organizations to take seriously the stewardship of privacy data.
Meanwhile companies need be responsible to act before they get acted upon.