SANS NewsBites - Vol: 8, Issue: 34 talks about this interesting insight from a company responsible for a major data breach last year.

Speaking at the Infosec Europe 2006 conference in London, LexisNexis senior director for information security Leo Cronin said his company's decision to be up front about a data security breach that took place in early 2005 was definitely the best approach to the situation. A social engineering email attack exposed personal data belonging to as many as 300,000 people at Seisint, a data broker acquired by LexisNexis in fall 2004. The company decided to inform all those affected, using California's data security breach notification law as a guideline. LexisNexis also took a number of steps to better protect the data it holds. Cronin believes the company's forthright approach minimized the damage to its reputation.