getting bored now ..
.... hows about these "hackers" et al snitch the data sets etc etc to highlight a vulnerability in said websites, then promise not to divulge it unless and until said websites vulnerabilities have been fixed PRONTO. They could even offer to assist in that regard. Then some verifiable and trusted testing body could run attack vectors, whatever, to determine that the fix was good and the data could go back whence it came, all tidy like. Of course, the body responsible for hosting /constructing the web presence where said data was held would have to foot the bill for all this, as a lesson to all other peeps that wish to retain our / your data in such a manner.
Would that just not be exciting enough ?, although possibly more efficient and conducive to the common good.
* (the above does not, nor is it intended to, cover examples of data sets held illegally / dishonestly for nefarious purposes by guberment authorities with things to hide from those that democratically elect them etc etc.)