Companies, banks and institutions are demanding we give them our personal information, so why are their data security practices so inadequate?