"Lots of organizations and institutions, governmental and private both, are really good at collecting data, but don't have the practices and technologies in place to make sure [they're] well housed and secure," says Jim Harper, a security expert at the libertarian CATO Institute in Washington. "That's why people are able to dip into databases they shouldn't dip into."
So what's a privacy-conscious person to do? Cut up all credit cards and use just cash? Forgo a passport and foreign travel?
"The only real protection the public can have in this arena is to deny the government the information in the first place," says Tim Sparapani, senior legislative counsel at the American Civil Liberties Union. "Despite all of the bells and whistles, the government has proven itself to be miserably poor at controlling and limiting access to the information that it's gathered about the public."
It's not that the government doesn't try. There are reams of regulations that people with access to confidential information are sworn to follow. Agencies such as the Department of Homeland Security have their own privacy offices that spawn their own committees which study and address both the regulatory and technological ways of protecting all the information that government has in its databases.