As states and federal agencies alike are increasingly scrutinizing organizations' privacy practices, recent regulations and enforcement actions are forcing organizations to relearn how much—and when—they're legally required to disclose data breaches and cyber incidents.