Hi,
I could be wrong but in my opinion it will be quite difficult that you will be able to find an unambiguous answer in the context of a forum. In the end it just depends on your / your company policies for handling information security related matter and consequently how to act and when.
Regards,
Ferdinando
