ComputerWorld Security
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9113757
It’s reasonable for a company whose systems have been breached to make sure it fully understands the extent of what has happened before going public, said Chris Hoofnagle, senior staff attorney at the Berkeley Center for Law and Technology at the University of California, Berkeley. “The general rule is that one should not disclose the breach until its scope has been determined,” Hoofnagle said.