The authors write “A recent court decision appears to be the first reported case that addresses an interesting question does a cyberattack, which certainly makes information available to others, constitute a ‘disclosure’ covered by statements in a privacy policy (and by logical extension, a private contract addressing the ‘disclosure’ of information)?”
