When a company discovers that sensitive data has been lost or stolen, two of the toughest decisions that it faces immediately are whether and when to let the public—including regulators and customers who might have been affected—know about the loss.
Going public about a data breach poses significant compliance and legal risks for companies. Report a data breach before all the facts are known and you risk the possibility of disseminating false or incomplete information, but report too late and the reputational and regulatory repercussions could be worse.
