On the issue of mandatory reporting regulations on security breaches--in other words, a debit card or credit card violation is discovered--should those records be kept when they deal with and solve the fraudulent activity? Should it be mandatory that records be kept that the activity occurred, because the same thing could conceivably occur down the line years later? Do you know what I'm saying? That sort of requirement is in the United States.
On November 22nd, 2006. See this statement in context.