What can organizations do? In the near term, a company can change its behavior and minimize risks of future data security breaches by establishing a security incident response team with clearly defined roles and responsibilities. It can map how all sensitive personal information is being managed -- including vendor relationships. And it can establish a comprehensive and consistent risk and data-governance management system, reflecting its unique business model, culture and values -- with a senior executive who is accountable for performance in this area.

The real key is not technology, but policy and governance. And in the long run, companies will see that their data governance system is not just a shield, but also a differentiating asset. Organizations that understand their information assets and have access to them on demand can play better offense, as well as defense.

A good resource for further tips on improving security and privacy readiness in a climate of data exposure risks is the Council of Better Business Bureau's new tool kit, developed with the support of several companies, including IBM.

Although it has burst into public consciousness very rapidly, this problem is not an epidemic -- any more than the threat of pollution was a new phenomenon in the '70s and '80s. It just matters a lot more now. Trust is increasingly essential in a world where business models and processes are integrated more horizontally across functions and entire business ecosystems, and where companies must deliver a consistent, trusted experience to all of their stakeholders -- even while their business operations and models are radically changing in the background.

And as we've learned from both history and biology, the best way to nurture any ecosystem is to expose it to sunlight.