I would add to that. If I understood your questions properly, your question was specifically what the client can do when they get the notification of the privacy breach.
It would be in the client's best interest to check all of their records to ensure that nothing untoward happened with, say, their banking statements or any of their financial or whatever kinds of records. The client should pursue the companies that had the breach occur, to get those companies to assist them in correcting whatever harm had happened to them.
It is a very serious matter to have losses of personal information. We in the insurance industry are very cognizant of that concern, and we take every effort in our industry to make sure it doesn't happen. But if it were to happen, it would behoove us as insurers, or as industry in general, to assist our customers, for good customer relations, to make sure we correct the wrong in whatever manner it takes to do so.