The security breaches at Target and Neiman Marcus have raised questions over how quickly companies are required to disclose that customer information was hacked.