I have brought this up with AirBnB when they use our Host payment account to validate my call. I believe our data is outsourced to a 3rd party service and the use of Personal Identifiable Data (PID) is a risk to Clients and Hosts. As a Global Solution Architect in IT, I see the best practices in the business. We have a lot to lose as Hosts, beyond the client's trust. AirBnBin the UK and EU is regulated in PID requirements more so than the US. But with Yahoo violated Federal Trade Commission Act provisions and California business laws by "failing to employ reasonable and appropriate security measures to protect subscribers" things may change.