Fair point! Yeah, it could be. Although Europe tends to be stricter about those things, i.e. where PII is stored. I was trained way back in like 2018 about ensuring I never have any PII stored on my PC and around the requirements of the GDPR in terms of access to information and right to delete etc.
>>saberi+(OP)
Yeah, even in Europe this is an excessively optimistic take.
Couple of years ago I accidentally stumbled upon an open folder a fairly big Scandinavian bank was using to store tens of thousands of passport/id scans