Users can protect themselves in a small way by employing two-factor authentication for passwords and also by limiting any potential password reuse. Some sites will ask users to let them store credit card information for better usability, but that's not always a requirement and users can choose to just enter in card data every time, also potentially limiting risk.
Yes, I know hackers also go after user information. Pick your bogeyman—be it a nation-state (China, North Korea, Russia or even the U.S. government), phishing bots, data breaches or just data leaks. They can all affect user privacy. The use of encryption might help, but then again, it might not if you don't know who holds the encryption keys or if the cryptography can be exploited.
While technology can and should be used to help protect data privacy, awareness is key. And the simple truth about data privacy is that it is ultimately achieved only with user vigilance.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.