Personally-identifiable information [1]. Many states require notification in the event this data is found to have been accessed improperly. The definition of a "breach" is not limited to technical malfunctions.
Personally-identifiable information that users chose to share with the world as part of public profiles.
We might say that you can't sign away the secrecy of your PII, so user consent is irrelevant. Then we had better get on YCombinator, Stack Overflow, Medium, etc. for allowing prominent community members to use their real names on their posts. Someone could [0] use them train statistical models to who-knows-what purpose, after all.
Personally-identifiable information [1]. Many states require notification in the event this data is found to have been accessed improperly. The definition of a "breach" is not limited to technical malfunctions.
[1] http://www.ncsl.org/research/telecommunications-and-informat...