This is unquestionably true, but it is an awful excuse to not enact any regulations. Honestly, what do people expect is the answer if the free market has already shown to fail to address this problem and we are ruling out regulation because is increases the barrier to entry?
"regulations could avoid security breaches anyway"
Translucent Databases 2nd Ed: Confusion, Misdirection, Randomness, Sharing, Authentication And Steganography To Defend Privacy http://a.co/c78Gij0
TL;DR: All demographic records are stored encrypted, are no longer retrievable if you lose the signing key. Think "proper password storage" extended to all things.
Bonus: Support for GDPR "right to be forgotten" for free. Just erase the key(s).