A federal appeals court just upset the status quo in US data security law. The court refused to uphold an order from the Federal Trade Commission that LabMD, Inc. overhaul its data security program. This is a long story that started when a self-promoting security firm informed LabMD it had suffered a data breach and should hire the firm to remediate the problem. The story teaches lessons about (1) how discern the difference between a real breach and a phony breach, and (2) the direction of data security law.
SANS Institute's 3rd Annual Data Breach Summit, NYC, August 20-21 https://www.sans.org/event/data-breach-summit-2018