My question about all of these data breaches is why do you have this information in the first place? Next is why are you retaining it for an unlimited time period making yourself a target for hackers. This is especially true for a company like this and their claim that no payment information was compromised. So why do you have names and email addresses home addresses and phone numbers for over 1 million people on file. Do you have 1 million cars parked in your lot right now? Has there been 1 million different people in your lots in the past 60 days? 60 days after someone has pulled their car off of your lot you should have no more information about them except the minimum required for billing justification. Which is a transaction number and the service and since we're talking about cars potentially a plate number. That's it.<p>Governments need to start enacting legislation to have high punitive damages paid out to these companies customers and not the paltry you get a year or two of credit monitoring garbage. Literally like $10,000 in incident to remove the incentive to take and hold this information to resell it. Additionally the legislation needs to dictate that at the time of the service only the minimum information required to provide the service can be required to be collected. Optional information can be collected but it must be marked as optional. Choosing not to provide the optional information you cannot be denied service or charged an increased fee.<p>Something like parking the minimum is payment information which becomes a payment transaction ID the moment it's processed, something to identify your vehicle you're leaving plate number or VIN number and a ticket stub that you are required to have with you when you come to get your car. Failing to have your ticket stub the other means would be to prove ownership through the title or registration and an ID. That's the minimum if you want other information to make it easy that's fine but that's all that should be asked for and it should be obvious this is the minimum. Then you don't really have anything for hackers to go after.<p>I realize this is Canada but this kind of nonsense happens in the US too. And I really love how courts have deemed that the right we have to be secure in our persons and papers and effects does not extend to entities we do business with. I'm fairly sure if you asked the drafters of the Constitution if that meant the government can purchase records from private companies that you need to do business with in order to meaningfully participate in the society that we've built they would say that that protection extends there as well. Because we no longer have personal control of the vast majority of the papers and effects in our lives. The idea that you still have a modicum of control as a customer in your business relationship would always have been a thing.