In Depth
CSO Disclosure Series | The Dos and Don'ts of Disclosure Letters
One security breach, two letters, 11 lessons in the art of telling customers you screwed up. Two PR pros deconstruct the messages that Monster.com and USAJOBS were really giving to customers whose personal information had been disclosed. Part of an in-depth series about disclosing breaches.
By Scott Berinato
rn; on the other hand, how concerned should I be if the company lost my address? My phone number? My Social Security number? What are the possible outcomes of this lapse? And how likely are they to occur? And if they do occur, what then? These questions are rarely addressed in a disclosure letter because the answers are complex and uncertain. Industrywide, validated metrics about abuse and fraud could go a long way to alleviating some of the uncertainty, but as long as they don’t have to, why would companies disclose the possibility that their gaffe could lead to a poor credit rating or distress over being unable to secure financing if they weren’t compelled to by regulation?
THIS CONUNDRUM has become the bane of the disclosure business. Disclosure letters have the power to create as many questions as they answer, or more. That’s precisely what’s happened as laws bring ever more breaches to the surface. As of November of last year, the Privacy Rights Clearinghouse had documented nearly 170 million personal records reported compromised. That number is expected to grow quickly. Thousands more disclosure letters are coming.
Regrettably.



