It's a repetitive cycle- corporations aggregate our data without our consent, corporations sell our data without our consent, and criminals steal our data by exploiting the companies that don't adequately protect that data. Despite the frequency of PII loss, and the disproportionately negative impact for those effected, many practitioners see their organizations routinely underfund or neglect their information security and identity programs. Furthermore, when existing regulations (or the lack thereof) fail to get companies to invest in securing identity data, what non-regulatory recourse remains to force organizations to remedy their security posture? In this session Jon Lehtinen outlines what actions, if any, can be considered an appropriate response to this pattern of corporate behavior, the future risks this continued behavior may bring, and how identity professionals can work to align the interests of their employers to the interests of those impacted by these lax corporate security practices.