Enough feel-good declarations
It is time that the InfoSec community create an Official Security Charter. Define once and for all the required measures to ensure privacy and data security, and publish it.
Everything else should then be measured against those points, in a checklist manner.
That would even allow for grading a company's promises. So, your latest blah ranks 2 on the Total Security Checklist? Try again.
You are Facebook? Don't even check, just try again.