Sounds like some kind of GDPR law is required so that companies don't get to treat people's private data as their own. It's ridiculous that in a bankruptcy they can sell off the data that belongs to others - companies should be treated as merely protecting PII data and can never own it.