Dairy Queen Breached?

Forbes reported this week on "The Top 5 Information Security Breaches No One is Talking About". It was interesting to me to hear about the different, very large, companies and organizations that had been breached but that the major news organizations did not report widely on. This makes me wonder: where is the corporate responsibility in regards to reporting breaches, or ensuring that consumers are aware that they may be impacted? I know that I have gone to Dairy Queen several times this summer and I never received any type of notice that I might be impacted. When Target was breached, I hadn't shopped there in months and I received a new debit card any way. Are there laws that dictate when consumers must be informed of breaches?? I will look in to this more....