When to Disclose A Data Breach: How About Never?
Joel Schectman writes:
When your company gets attacked by hackers, how much do you tell the public and when? Often the answers are nothing and never, according to an attorney assisting Target Corp. with legal issues arising from its December data breach.
There was little consensus on when companies should report data breaches among business executives and officials at a cybersecurity roundtable discussion hosted Wednesday by the Securities and Exchange Commission.
Often state laws on customer notification may compel companies to disclose theft of government data. “But if you don’t have a legal obligation to disclose, why would you voluntarily disclose and put yourself in the crosshairs of that kind of litigation?” Mr. Meal said. “Companies think they are doing the right thing by disclosing but instead end up being viewed as the problem.”
Read more on WSJ.