New source
Suggested sources
added 11 months ago by
added 11 months ago by
added 11 months ago by
  • 2017
added 11 months ago by
  • 2016
added 11 months ago by
  • 2015

The company should publicly disclose information about its processes for responding to data breaches.

When the security of users’ data has been compromised due to a data breach, companies should have clearly disclosed processes in place for addressing the security threat and for notifying affected users. Given that data breaches can result in significant threats to an individual’s financial or personal security, in addition to exposing private information, companies should make these security processes publicly available. Individuals can then make informed decisions and consider the potential risks before signing up for a service or giving a company their information.



  • Clearly disclose(s) – The company presents or explains its policies or practices in its public-facing materials in a way that is easy for users to find and understand.

  • Data breach – A data breach occurs when an unauthorized party gains access to user information that a company collects, retains, or otherwise processes, and which compromises the integrity, security, or confidentiality of that information.

Potential sources:

  • Company terms of service or privacy policy

  • Company security guide


How to Research an Answer 

Follow these steps or watch this video demonstrating how to research and add answers:

  1. Select the company, metric and year

  2. Look for the answer to the metric's question in a suggested source or add a new source

  3. Cite the source

  4. Enter the answer and supporting comments

  5. Submit!