When your company suffers a security breach, the instinct is to say as little as possible. Your legal team wants to limit liability. Your communications team wants to control the narrative. The result is vague, unhelpful disclosures that end up doing exactly the opposite of what they're intended to do.

In a new article published this week on Law.com, EPSD Advisory Board member Melanie Ensign, privacy attorney Michelle Finneran Dennedy and I make the case that vague breach communications don't protect you. They alienate your customers, freeze your pipeline, hand narrative control to third parties, and leave you facing litigation with an already hostile audience.

The lawsuits are coming regardless. What you control is whether you face them with customer trust intact or in tatters.

Read the full article ($): https://www.law.com/corpcounsel/2026/03/01/beyond-liability-how-vague-breach-communications-harm-your-business-and-legal-position/