Today, The Home Depot released new findings from its investigation of the company’s recent payment data breach. Jules Polonetsky, Executive Director of the Future of Privacy Forum, had the following statement:
More important than legal compliance after a breach is a company’s efforts to make sure that consumer concerns are addressed. It’s great to see The Home Depot take this extra step of notifying individuals whose email addresses were located in files apparently taken during a previously-reported payment breach. Since passwords or other protected account information wasn’t affected, there is no legal obligation for the company to disclose that email addresses have been taken, but clearly consumers affected will benefit from The Home Depot’s consumer outreach and can be on guard against suspicious emails.