by sokoloff 1075 days ago
How long until those become the security equivalent of Prop 65 "causes cancer" warnings? Or the shitshow that DMCA takedowns are today?

What's the burden of proof to confirm that the first sentence in your quote is correct? (Can I just claim to have breached some company and have the law compel them to issue that quote?)

You're frustrated that companies are issuing information-free notices today; your proposal appears to make them issue information-free notices tomorrow.

2 comments

Establishing the presence of any data breach is far easier than establishing the exact scope. My proposal moves the burden of proof to just establishing the former and demanding the company prove the latter. This is a division of labor that is common in safety-critical industries with decades of proven results supporting the effectiveness of such a regime.

Your complaint that the situation will just turn into everybody acknowledging that they are hopelessly insecure is a far better situation than now where everybody lies by claiming that they are secure. It results in the acknowledgement of breaches and the acceptance of liability that would be helpful for future legislation that can actually apply penalties for delivering products that are defective with respect to security.

> Can I just claim to have breached some company and have the law compel them to issue that quote?

I don't think anyone would have to claim to have breached the company in question.

Just the act of asking the question would compel any company to have to respond "Yes, we have been breached."