In general, that remains a business risk. I think that the company must ensure that revealing information does not create more problems than it solves. In that respect, many of these things relate to the daily routine. Procedures will be adopted automatically and firewalls will be adapted as a consequence. Companies have risk-management systems, and these things will therefore be contained very quickly. The procedure will become very cumbersome if there is a requirement to notify the regulator every time. In every case of the slightest importance, the regulator will be involved.
On February 1st, 2007. See this statement in context.