I just did an interview yesterday for The Oklahoman. You can read the story here. Part of the  discussion included “what people should do” in light of the big data breaches in Oklahoma.

There are calls for legislation, calls for increased security, calls for punitive action and calls for pizza. That’s all well and good, but the point I want to stress is that nobody–nobody at all–should assume his data is “safe.”

Let’s suppose for a moment that you were very sure that State Agency X or Business Partner Y, or maybe Website-you-use Z was doing a very, very good job protecting your private information, to keep it out of the hands of thieves and other criminals. This is a huge assumption. But humor me.

Here’s the problem: you also do business with State Agency W, who does business with Subcontractor T. You do business with Website B and Website Q, also. None of these entities happen to be secure in their backend practices (laptops, other mobile devices, policies, even network security).

Just when you finish five years’ worth of work hounding them, and are satisfied they’re “secure,” oops, Subcontractor T is now doing business with Subsubcontractor V, and the process begins again.

The point: there is absolutely, positively no way that any citizen of any country on the earth should assume that his data is “safe” out there with all the entities that have it. Therefore, protect yourself. Watch your credit report vigilantly. Pay attention. Put a “freeze” on that report. Perhaps even use a service like LifeLock to help.

Assume your data is being breached daily, from one of the 5,000 vendors that have it. You’ll be ahead of the curve.