Breaches.net

Should entities be able to write, "Your data may have been accessed" when they know it was not only accessed but was acquired?"

Should entities have to notify people that their data has been dumped on the dark web?

An entity was threatened that their patients would be swatted if they didn't pay the criminal's demands. Should the patients have been notified of the threat?