
> Now let's assume a hacker breaks into their system and downloads a full dump of their database. Now that hacker has many (hundreds? thousands?) of key photos matched directly to addresses and likely tons of other PII.

In theory, they could encrypt the data with a public key before it ever hits the database (or any other permanent storage) and ensure the matching private key is never stored on the same computer.
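The scheme this comment describes, as an added example that is not part of the original thread: the ingest server holds only a public key and seals each record before it is stored, so a database dump yields ciphertext that only a separate machine holding the private key can open. The function names (`sealRecord`, `openRecord`, `demo`), the sample record and the choice of RSA-OAEP wrapping a per-record AES-256-GCM key are assumptions made for illustration.

```javascript
// Added example: hypothetical function names, constructed sample data.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Ingest side: has ONLY the public key. Each record gets a fresh AES-256-GCM
// key, wrapped with RSA-OAEP, so this server cannot read back what it stored.
function sealRecord(publicKeyPem, plaintext) {
  const dataKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, dataKey);
  return { // this object is the only thing written to the database
    wrappedKey: wrappedKey.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  };
}

// Separate machine: the only place the private key exists.
function openRecord(privateKeyPem, row) {
  const dataKey = crypto.privateDecrypt(
    { key: privateKeyPem, ...OAEP },
    Buffer.from(row.wrappedKey, 'base64')
  );
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, Buffer.from(row.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(row.tag, 'base64'));
  const body = decipher.update(Buffer.from(row.ciphertext, 'base64'));
  return Buffer.concat([body, decipher.final()]); // final() throws if the row was altered
}

// Constructed demo: the key pair is generated inline only so this runs offline.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048, // demo size, chosen so key generation is quick
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const record = Buffer.from('123 Example St; key photo bytes (constructed sample)');
  const row = sealRecord(publicKey, record);
  const leaksPlaintext = JSON.stringify(row).includes('Example St');
  return { row, privateKey, leaksPlaintext, recovered: openRecord(privateKey, row).toString() };
}
```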




In theory there are lots of ways they could secure the data; my point was that in the non-theory real world most online companies fall way short of good practices for data security.

This is why barely a day can go by these days without some story popping up on HN about "Company XYZ was hacked, customer data exposed".



