When credit cards are compromised, the responsible party is usually responsible for providing identity theft protection. Why not tech firms that seek to store sensitive personal information? Maybe it'd scale back the desire for every firm to collect as much personal info as you'll provide them.
True, however, it does put SOME price on data collection, rather than leaving it in the realm of pure externality. The deterrent of cost is the benefit, not the protection itself.
On the other hand, adding a price may embolden deep pocketed organizations to 'pay to absolve' for losing data to hackers on an ad hoc basis as a cheaper alternative to strong security and limiting data collection scope. In that case, the impotence of ID theft protection hurts a lot more.
