NEW YORK (CNN/Money) - Nice. Another day, another security breach that threatens to expose your information and mine to the wrong people.
On top of news last fall that the Feds charged three men with running what is potentially the biggest identity theft ring in history, we heard this week that hackers may have gotten access to up to 8 million credit card accounts by breaking into the security system of Data Processors International, which processes credit card transactions from merchants.
Such breaches remind us how vulnerable consumers are.
Companies keep vast amounts of consumers' personal information in their computer databases. Determining what's "adequate" in terms of security is a matter of balancing risk with reward, said Harris Miller, president of the Information Technology Association of America, the trade association for the IT industry. For instance, how much will an increase in security slow performance and thereby inconvenience the business, the consumer or both, and how much will it cost?
Miller gives the example of choosing to drive a car versus a tank. You'll certainly be safer in a tank, but you're not going to get very far very fast.
In light of the breach at DPI, the credit card industry almost certainly will be rethinking its risk/reward balance, Miller said.
But let's not kid ourselves. "No technology will ever be foolproof," he noted. That's especially the case when systems are broken into by bad-egg employees with all the passwords. And in our digital world, outside hackers are an unfortunate fact of life. "It's an arms race," Miller said, noting that whenever the good guys come up with a solution, the bad guys try to break it.
What's more, it's not easy or practical to remove yourself from the credit system altogether. I myself will continue to opt for the car over the tank.
But I just hope I get a Lexus, not a lemon. As a consumer, I'd like my privacy to be a bigger concern in businesses' risk/reward decisions. Sure, they may be thinking about my convenience. And I admit it -- I like transactions that are fast. But I'd sacrifice a little speed if it meant another layer of security.
What's more, the speed-and-ease factor is not just for consumers' benefit, some say. "[Companies] want the most impulsive system possible," said Chris Hoofnagle, deputy counsel of the Electronic Privacy Information Center, a public interest research group. Why? It's better for business.
Things could get better
Certainly it will help if data processing companies and others with ties to the credit card industry encrypt (or code) the credit card information they get. Hackers who don't have the decryption code can't read the information. "It can foil the average [hacker] and if it's done right it can foil the very good [hacker]," Hoofnagle said.
He also thinks giving consumers PIN numbers for credit cards would be a good idea -- it may slow the process down a little, but without keying in your PIN, your card number wouldn't work.
If we accept that hacking will occur despite our best efforts, there also should be provisions in place that require businesses to notify consumers whenever a breach does occur. Right now, "There's no duty to notify the card holder," Hoofnagle said.
That can be a nightmare for consumers in cases when Social Security numbers have been stolen, putting them at great risk for identity theft, which can take months to show up in your credit report and can ruin your financial life. (Thus far, identity theft does not seem to be a concern in the DPI case because only limited information was accessed.)
There may be an improvement in notification if companies take the lead from California. In July, a law will go into effect requiring state agencies and businesses that collect information on Californian residents to notify people when their name and another key identifying factor such as their Social Security number, driver's license number, account number or PIN number have been acquired without authorization or are reasonably believed to have been.
In the event that 500,000 people or more are affected by a breach, businesses and state agencies operating in California will be required to do three things: Send an e-mail to those affected, post a notice on their Web site, and alert the media in a timely manner.
That may be good news for the rest of the country, Hoofnagle noted, because when companies operate across state lines they tend to comply with the highest standard required and apply it to all their customers. "Once you build the infrastructure for sending a letter to California residents, it's very easy to do it for everyone," he said.
But until that happens, if you're concerned your credit card account (or debit card account issued with a MasterCard or Visa logo) may have been tampered with, contact your card issuer. And if you suspect you may be a victim of fraud or identity theft, you may request a free copy of your credit report from each of the three credit bureaus.
Jeanne Sahadi writes about personal finance for CNN/Money.com. She also appears regularly on CNNfn's "Your Money," which airs weeknights at 7 p.m. For comments on this column or suggestions for future ones, please e-mail her at everydaymoney@cnnmoney.com.