So who has my data and the wider Epsilon email breach

Experts suggest that the Epsilon email breach actually took place in late March and we become aware of it in Early April through traditional media. Here is the full(est) list of companies who were affected.

However, why do companies such as Capital One to Verizon hire Epsilon? Given the regulation and technical complexity relating to personal data storage and permission email it would appear that there is an economies-of-scale argument from having a specialist; but here is the rub, it introduces a single point of failure.

Which leads to the question about who I “trust?” Customers placed their trust in companies and these companies gave their customer data to Epsilon who were not directly or implied in the trust relationship.  Who’s brand is damaged Epsilon or the house-hold name?

Whilst I am sure that there are service level agreements between the parties but whilst personal data is seen as a liability (high cost to manage and maintain within regulation) this will continue, as boards realise that personal data is an asset I expect that they may be somewhat more keen to manage the asset themselves.