Is Sony getting a bad rap on its data breach?

14.05.2011

Google, for example, waited a month before going public with details of its December 2009 cyber-attack. That gave the company time to figure out the full extent of the incident before subjecting it to public scrutiny.

Sony's greatest faults were confusing its customers by going public with information before it was ready, and storing old, encrypted financial data belonging to thousands of users, said Beth Givens, director of Privacy Rights Clearinghouse. But far worse breaches have received much less attention, Givens said.

For example, in March health care services provider Health Net lost . With Social Security numbers, identity thieves could seriously disrupt the lives of Health Net's customers -- Sony says that the vast majority of its victims had little more than their names and e-mail addresses stolen.

And while there has been little coverage of the Health Net breach, the to its 102 million affected customers. A security freeze would stop ID thieves from opening new accounts, but it "makes no sense" in the Sony case, Givens said. That's because criminals can't establish fake financial accounts with the Sony data. "In the Sony case, Social Security numbers were not compromised. It's credit card numbers and debit numbers," she said. "A security freeze is overkill."

Still, the lesson from the Sony breach may be that customers are fed up with companies that don't take their privacy seriously, and expect to be told about data breaches as soon as they happen.