Even better, companies should stop the rampant collection of non-essential information.
Large databases of sensitive information are just massive breaches waiting to happen. If it's not a SQL injection attack, it will be some other exploit (heartbleed, shellshock, logjam, etc.) Even if you could magically defeat every exploit, the data can get exposed by any malicious or incompetent administrator. If nothing else, authorities with sufficient interest in the data could simply compel the database owners to turn it over.
When it comes to protecting amassed information, the only winning move is not to play.