Perkins Coie Partners Al Gidari and Todd Hinnen were quoted in the Chicago Tribune in an article titled, "U.S. companies allowed to delay disclosure of data breaches." The article discusses the differing laws relating to when companies in different states have to disclose that they have experienced a security breach.  "The first order of business regardless of any state law is to plug the hole, protect the user and then worry about reporting," said Al.  But since the SEC guidance came out, "companies have tended to include generic risk factors rather than disclose specific incidents," said Todd.