I'd be perfectly willing to forgo personal notification of the theft of credit card numbers. I just don't think it's that important, and the liability lies with the banks and the merchants. In contrast, the outcome of my SSN being abused falls back to me, in credit reports, false arrests, etc.
I don't particularly agree with this statement, but what really caught me - as it has in the past - is the ridiculous amount of power the credit reporting agencies have over our lives. Credit agencies have performed data-mining almost since before data-mining had a name - and the amount of financial data available to them is provided, typically without your clear consent by your bank, credit card company, mortgage company, car loan company etc...
What's worse is that, if you ever want a loan (or even an apartment), you're required to provide access to this data as a reference that your credit is good.
Even worse than that, is there are virtually no controls over what people (malicious or otherwise) can report about you to the credit companies. There are "appeal processes" in place with these companies to have invalid entries "expunged" from your credit rating - but if you've ever gone through this process, it is ridiculously arduous and the invalid information never truely gets removed from your rating - it still appears as a reported item but, at least in theory, isn't used to calculate your "risk rating".
Now, if you go to the web pages of the credit reporting agencies, the first thing you see is the ability to watch your own credit rating for a fee (this is at least true for Equifax=$12.95/month and Transunion=$9.95/month).
In my opinion, these companies are highly responsible for the lack of controls on personal information, because there are no meaningful controls. As far as I know, any controls that are in place, are largely "self-regulated" since there has been no significant backlash from the average proletariat who has been largely abused by their "services", so the government hasn't bothered.
To my mind, there are several controls that should be federally enforced for these types of companies:
1. Requirement to have a method to contest an item on your statement such that the company that provided the originating information is required to substantiate their claims - right now, you are on the hook to prove to them that the statement is inaccurate.
2. Requirement to have this information permanently expunged from all of their reports.
3. Requirement for you to sign a separate agreement with your loan company (or whoever) stating that you agree to allow them to share information with CreditRatingCompanyX - after all, for them to access this information you need to sign a separate agreement (one of the few government-enforced regulations).
4. Requirement to share this information with the owner for free - it is after all, information about you. (As an aside, I wonder if they've ever been sued for slander for sharing inaccurate information??)
I really think this would have a positive impact on identity theft because it would make people aware that this information exists about them, and a pro-active method for people to prevent abuse of their credit.