Was 2007 a good or bad year (in terms of number of breaches and number of records stolen)? As it happens, there's some controversy as to the answer to that question. This article from Information Week says that 2007 was a bad year for privacy, breaking records in terms of both number of incidents and number of records lost. However, when this blogger at Chronicles of Dissent crunched the numbers, (s)he concluded that 2007 was a (relatively) good year in terms of both number of incidents and number of records exposed.
While the fight involves doing things like actually counting numbers of breaches and records (something I don't want to do), I will say that the post from Chronicles of Dissent brings up some good points, something even Information Week concedes. However, there is something I wanted to clarify. Both Information Week and Chronicles of Dissent listed the number of records exposed by the TJX breach at 94 million. That number, while included in court documents filed by the plaintiffs in that case, could very well be wrong. There has been no trial in TJX, and so the plaintiffs' contention that 94 million records (rather than the 46 million records cited by TJX) were exposed has never been tested or validated by a court. Given that, if 2007 is counted with the more conservative (but clearly not overstated) 46 million figure, the number of records lost in 2007 drops by more than half, regardless of who's counting. With that drop, the number of records lost in 2007 appears to be trending down from 2007, meaning that 2007 was (according to that measure) a relatively good year for data privacy.