The methods for enterprise-level protection of bulk passwords and personally identifiable information have remained fundamentally unchanged over the past 20 years.