Federal prosecutors have arrested three men involved in what officials are calling the largest identity fraud case in American history.... Cummings would then use the ruse of "helping" the customers work through software and hardware problems to obtain the customer code that allowed the company to request credit records.
This is like a textbook case on why privacy issues are so importent. There is no such thing as "a company" or "a government" having access to privacy information; only "people in a company" or "people in a government" can have access to privacy-sensitive information. Now the people who had their credit records stolen, who have committed no crime, have to go through the effort of checking their records and potentially changing their Social Security Number and putting a fraud lock on their records, making credit transactions that much more difficult for the duration of the lock.
Better privacy policies probably couldn't have prevented this case, but they prevent similar incidents from occuring elsewhere, by either making it difficult to get things like credit records, or preventing information from being assembled in the first place. Consider things like TIA in light of stories like this, and consider how much mischief just one rogue TIA database operator could do, even aside from the other privacy implications. Does that much power belong in anybody's hands, for so little potential payoff from the scheme?