This article offers in-house counsel a crash-course in data-security regulation and litigation, focusing on the liabilities stemming from the disclosure of customers’ personally identifying information (PII). We will conclude by examining some key takeaways to help your company minimize its data-security litigation risk.