To decide if data theft is potentially a problem..
Just look at a few thousand news stories regarding the loss of personal data. Including a fair number about sites and businesses that stored credit card data, something explicitly banned by the credit card companies (Visa / Mastercard) themselves. Banned for the obvious reason that if lost, this would be bad.
This in turn led to whining from these companies that Visa and Mastercard would no longer allow them to process credit card data, and they might go out of business. A loud cheer at the prospect was all the sympathy they got.
Now we have ISPs vacuuming everything they can, including that which was typed into 'secure' portions of a website. Credit card numbers, social security / national insurance numbers, addresses, phone numbers, dates of birth, mother's maiden name, bank account numbers, routing codes, you name it, it has been recorded.
We're told this is fine, because they're only using it to serve up spam and popups. We're also told this is fine, because if we search hard enough, we can find where we didn't opt out of it.
What should be concerning everyone, including banks, credit card companies, social security administration, IRS, is that personal data isn't all that secure these days. Why? Because there's no incentive to make it secure. Losing it doesn't result in a punishment beyond sending out some emails (at best) or more usually, no punishment whatsoever.
What should be of more concern to those doing it, is the complete illegality of what they're doing. I'm sure the IRS in particular would be happy to find out that customers are having their information lifted as they type it into 'secure' websites. And banks, and credit card companies, you know the people that are compelled to make good on stolen credit and debit card purchases. I'm sure they're thrilled about the ISPs creating yet another insecure database of their information.
And that's the thing. Why isn't stealing information from a computer illegal when an ISP does it? If I hacked into the networks of these businesses, stole their information and promised not to pass it on, would that be ok if I hid an opt-out clause somewhere on one of their computers? I sort of doubt it. You figure it out, and then tell me why they're allowed to circumvent security put in place on commercial websites, and vacuum up data on your computer, just because they've placed what they're doing in a ton of legalese, somewhere in your service agreement.
Seems to me that posting a newspaper through a door, with the words "I'm going to take your possessions, unless you opt out" typed somewhere in the middle of it, wouldn't be enough to stop me going to jail if I robbed that house. But somehow that's the basis on their activities being legal. Beats me why a number of CEOs aren't being arrested. As far as I was aware, just being ignorant of the law doesn't make you immune to it. So saying "I didn't know thieving data from someone was illegal" isn't usually a good excuse.