Compliance into the Weeds-Episode 39

In this episode Matt Kelly and I take a deep dive into the question of whether a company has a duty to disclose ransomware attacks. We consider it from the regulatory, legal, ethical, law enforcement, business, PR and some other angles. What may seem to be a straight-forward answer to a regulatory obligations turns out to be anything but.  For additional research, see Matt Kelly's blogpost, "Ransomware: To Disclose or Not". Learn more about your ad choices. Visit megaphone.fm/adchoices