On May 23, 2017, it was announced that Target Corporation had settled the investigation initiated by the Attorneys General[1] of 47 states and the District of Columbia resulting from its 2013 data security incident.  Besides the $18.5 million being paid (the largest State AG data breach settlement amount to date), it is the promised remedial measures that are of most interest to those following data breach enforcement actions.