Increasingly, it seems like the weakest link in our personal security is outside of our control. You can be as diligent and ingenious as you like about protecting your own confidential information, but if that same information is stored by someone else who stores your data in plaintext, hosts malware on their PoS terminals, downloads your records to a laptop and leaves it on the backseat of their car, etc. etc. you're screwed.
Attempts to resolve the situation are then typically frustrated by the "Too big to care" effect that seems to cling to large organizations.