I guess some organizations will never learn, maybe because they used to be owned by the government and still operate as if they were, or because they simply have no concept of data privacy and security. Deutsche Telekom and its subsidiary T-Mobile (mainly focusing on mobile phone service) always had a bad reputation with the German population (they used to be the only choice for telephone services), but after a data breach that allowed access to sensitive customer data it issued some statements that really made the German population doubt that it had any concept of data privacy and security. The breach happened in spring 2006 and was only recently disclosed, even though T-Mobile reported the breach to authorities.

I am kind of amused and shocked by a statement made by Philipp Humm, managing director of T-Mobile Germany: "We are very concerned by the fact that the incident from 2006 is relevant once again. Until now, we were under the assumption that the data in question had been recovered completely as part of the investigations of the public prosecutors' office and were safe." Data is not a car that gets stolen and recovered. Data can be copied a million times without anyone knowing about it.
Read the article here:
http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=210700232
1SSA - Security consulting, training and products: http://www.1ssa.net/