Some IT professionals are debating whether they would issue a data breach notification in the event of a hack. Their rationale is that such a notification makes them a target for other hackers and that most of the incidents that trigger the required notification don’t rise to the level where notificaiton is necessary.
Those companies that are debating the wisdom of the data breach notification see the notice more as assigning blame than helping to protect those individuals that have been affected. However, before deciding to adopt the contrary view, it is important to remember the evidentiary impact of the notification. The data breach notification can be considered part of a subsequent remedial measure. As such, it can’t be used against the company issuing the notification for the purpose of proving negligence or culpable conduct.