What about requiring every third-party service provider to protect personal customer data through encryption, tokenization or another advanced security technology, through clauses written into and enforced as part of standard service level agreements?