The hack into Target's computers has spawned attention, law suits, and investigations. Now, Target has put its state investigations behind it, by entering into a settlement with 47 states and the District of Columbia.
The settlement highlights a few things that those doing business in the US should be mindful of:
1) When you are dealing with data, you are dealing with a wide array of regulatory frameworks -- at least one per state. So, when you have issues, you need to think of all 50 states, and the federal system.
2) Fines for data-related breaches can be large -- Target agreed to pay $18.5 million. Although sizable, this is not the largest fine ever imposed for a US data breach. AT&T was fined $20 million in 2015, for instance.
3) The fine was not the only expense Target faced. Target has settled one of its breach-related lawsuits for $39 million.