Yesterday I posted about weaknesses in systems deployed by the IRS. In that post, I used the weaknesses as an example of the limits of government regulation, given that they showed that even the government itself couldn't keep its house in order. However, something I didn't explicitly address in that post is that the weaknesses in the IRS' systems also demonstrate that there are serious limits on what consumers can do to prevent their information from being compromised. After all, you can't avoid paying taxes, and, by definition, the information held by the IRS is highly sensitive financial data. The result is, simply by virtue of being an American and following the law, your information is at risk.*
So what can ordinary consumers do to protect themselves? In the case of information security, for individuals, I'd say that an ounce of cure is worth a pound of prevention. That is, rather than worrying about protecting your data (which should be the responsibility of the merchants/government entities your data is entrusted to) individual consumers should worry about how they'll find out and deal with it if their data is compromised. Easy steps like credit monitoring, promptly disputing unauthorized charges, and maintaining backup accounts/lines of credit in case one gets frozen as a result of fraud can make recovering from the extremely hard to prevent data compromises a substantially less miserable experience.
*As a note, I don't mean to single the IRS out as an exceptionally bad actor. Indeed, if you compare the IRS' security practices with security practices at TJX before their big breach, I think the IRS comes out way ahead.