This month, the U.K. Financial Conduct Authority (FCA) fined Equifax’s U.K. subsidiary £11.1 million for its handling of a 2017 data breach, one of the largest in history. The FCA’s decision shows that regulators around the world are tiring of multinational companies pushing around subsidiaries in their countries. It also serves as a warning to companies to keep local subsidiaries in the loop about incidents and to treat data processing between company groups as outsourcing, requiring rigorous contracts and standards. This article discusses the FCA’s findings about Equifax and four key takeaways from the financial regulator’s enforcement action. See “Learning From the Equifax Settlement” (Jul. 31, 2019).