> this is a systemic issue of governments not having/not enforcing serious security measures.

To do so seems impractical. Imagine the government machinery that would be required to audit all companies and organizations and services to which someone can upload PII.

Not tractable.

The systemic solution wouldn’t be to do that. It would be to both remove their own requirements that organisations collect this data, and to penalise organisations for collecting it outside of a handful of already heavily regulated industries like banking.

The enforcement could be done by incentives, making sure the penalty for such breaches is large.

Sure, but they would still happen is my point.

Audit at random? With severe penalty in case of non-compliance.