Although there is no standard set of measures that a company can implement to guarantee immunity from data breaches – or from regulatory enforcement action should a data breach occur – recent multistate settlements with state Attorneys General and the FTC provide valuable insight into what regulators view as reasonable and sufficient data security practices and illustrate practical steps that companies can take to reduce the likelihood of a data breach. This guest article by Ann-Marie Luciano and Jawaria Gilani, attorneys at Cozen O’Connor, focuses on eight common requirements in recent AG and FTC settlements falling into three overall categories: access control, threat awareness and advanced technical security measures. See “How Facebook’s $5-Billion FTC Settlement Is Shaping Compliance Expectations” (Aug. 7, 2019).