Should all security incidents be reported to law enforcement?  With Anthem and others disclosing their breaches recently, do you think that they did so in a timely fashion?  What are the pros and cons of law enforcement involvement? What does the current law say about companies having to release information / statements on a security breach?  How does policy impact the discussion to disclose a breach? Should there be stiff compensation back to customers for the risk they are now enduring?