When Edward Snowden broke open the secretive vaults of the National Security Agency’s worldwide spying apparatus, a long overdue national discussion was launched over the issue of privacy in the high-tech age. We have since seen Congressional hearings, presidential commissions, and academic panels convene to wrangle over what rights we should have to act without surveillance, to conduct business without oversight. What that debate has mostly been missing, however, is the most pressing everyday threat to the privacy of Americans: the private sector.

The wholly justifiable focus on the surveillance powers of the state (which does, after all, possess quite a few more coercive powers to be worried about) has nudged out of the spotlight the constant invasions of privacy that have been taking place at ever-increasing rates over the past decades as consumer information becomes ever more collectible, and ever more desirable. Yet as one of the proposed NSA reforms gaining the most traction involves not abolishing the NSA’s mass collected information databases, but turning it over to private administration, consumer-level privacy now more than ever needs to be at the forefront of our minds and public discussions.

Because the Internet runs, by and large, on advertising, the ability to use consumer information to target ads is a prized commodity, and is enabled by a hordes of tracking cookies placed on people’s computers and vast seas of private consumer databases. Privacy concerns have been voiced consistently, if somewhat sotto vocce, as the web has grown, so the private companies comprising Silicon Valley’s core have been gradually pushed into adopting a “Do Not Track” standard by which consumers can select a web browser setting that tells websites not to collect information on them, similar to a do not call list. Even Google, the giant of web advertising, was dragged into implementing the feature in its Chrome browser in 2012. Yet as a purely voluntary effort, the Do Not Track system is entirely dependent on the goodwill of the website to cooperate, and the inability to agree on a common set of standards has led one of the biggest web companies, Yahoo, to pull the plug on Do Not Track altogether. So while browsers may still send Yahoo the requests, Yahoo won’t be listening.

There is so much money to be made in tracking consumers, that companies have been deploying what’s known as Big Data to sort through vast troves of information and identify desirable characteristics in potential customers. One of the most controversial implementations of Big Data has come from big box retailer Target, who, due to the gold mine to be made off of pregnant women, started to identify newly expecting mothers by their purchasing habits, and bombard them with special offers: often before friends and family knew; sometimes before the women themselves.

A Princeton sociologist and expecting mother recently presented the lengths to which she had to go in order to hide her very personal childbearing status from the commercial panopticon sweeping its eyes over consumers on the web and in stores. In short, she had to avoid any mention of the pregnancy on social media like Facebook and Twitter (first place the advertisers look), only prepare for her pregnancy with cash purchases and giftcards purchased with cash (which itself triggers heightened scrutiny), and even use super-secure and anonymous web browser Tor when she wanted to shop at BabyCenter.com.

With the seeming collapse of DoNotTrack, private-sector privacy may need legislative reforms in its own right. The breach of millions of customers’ credit card information at Target over this past holiday season should also give pause to those who think that the NSA privatizing its data stores will solve any major privacy issues. The existence of mass collection databases is the privacy concern; sending them to private hands with weaker protections could only compound our problems.