Breaches and Human Frailty

Computer security would probably be easier if there were no humans involved.  Almost anything you would do to protect your system can be nullified by sufficiently negligent or malicious actions by your employees.  After-the-fact analyses of data breaches bear this intuition out.  The one described at the link below found that 1 in 4 data breaches was the work of insiders.

https://www.theregister.co.uk/2018/04/10/verizon_dbir/

One of the costs of a data breach is embarrassment, and this risk is heightened when there is potential for a juicy, shareable headline with phrases like "employee worked with outside criminal."

https://www.usatoday.com/story/tech/2018/04/20/many-1-5-million-accounts-may-have-been-compromised-suntrust-banks/535687002/

This suggests the power of Ghost PII: Why keep holding data that presents this sort of danger if you can get things done without it?  Do you need to know what a customer's SSN is if you were only using it to link records?  The answer to the latter question is "No!" and Capnion is working to build a world where no one has the power to cause a breach because they have no need of it.