
This could be somewhat prevented if companies acquiring the data are legally barred from sharing it with other entities without getting a written statement from that entity that they have a secure mechanism to store and use it. Right now the company that did the shitty job is going to get a slap on the wrist at best. But the company that shared that data with this one is going free and even got to keep the money they got from this.



What you are referring to is a Business Associate Agreement, and is indeed already required by law.


That’s not true at all for medical data. There are very strict data sharing agreement requirements in HIPAA, and there will likely be millions of dollars' worth of fines for both parties, and it’s not inconceivable that someone could go to jail. HIPAA violations are taken really seriously.



