A sufficiently large and complex organization should be implementing Separation of Duties (SOD) such that a person with this level of authority should not be allowed to mishandle data without going through approvals beforehand: <a href="https://csrc.nist.gov/glossary/term/separation_of_duty" rel="nofollow">https://csrc.nist.gov/glossary/term/separation_of_duty</a><p>So questions we should all be asking, as good citizens of this world:<p>1. What industries are handling sensitive data?<p>2. What regulatory oversight is requiring them to do it safely?<p>Ultimately many facets of this article's premise are purely American. Look to places like Europe and even China to see how these kinds of problems are being addressed. The US has done plenty here, but there are huge exceptions that make concerns like this one very real.