Do you have a list of details which we must know about our providers before conducting any business? If not, let me give you one,
1. Legal name
2. Tax ID/SSN/PAN
3. Registered address
4. Details of grievance redressal officer and escalation matrix
Can you think of aything else? Now lets assume the company sells off your data to a third party. What extra will you do apart from going to the consumer protection bureau? Let's be practical!
Don't have any list, this is just a general idea first and sees how it develops with the input of many other clever, thinking, creative minds here!
For the first one you suggested, it should be for both physical person full name, and company/corporation names, and if it is a corporation or business name, which it has a big list of all its members behind, which normally companies have always their member's name hidden, which need to be always upfront available to anyone to verify who they are.
For the second question about what to do when a company is selling people's data... As we know we are still in a new field, where there are few options for the clients to do when things like that happen. But I am sure this will soon be different if people keep talking and bring new ideas to stop the abuser from selling personal data!