When an individual moves into a new role, or even to a different department, the organization retains all the hidden benefits of keeping established staff.
If companies make disclosures in a big rush, as required, they may end up going public about cybersecurity incidents before they fully understand the situation.
Is collecting, storing and securing vast troves of data still the prudent move as cyberthreats abound, or is 'overcollecting' resulting in overexposure?