Frustrated security and risk (S&R) professionals once wished for more media coverage of customer data breaches and privacy abuses to help them raise the importance of security with naive business executives. But news about security breaches is now so ubiquitous that business executives (and even some CISOs) may largely ignore it — unless, like the 2013 Target breach, a breach sets a new record for scope, or the attack itself represents a new attack vector and method (e.g., Heartbleed). However, in between the headlines and after the social media frenzy has died down, there are long-term lessons we can glean that will help all S&R pros improve their enterprise's overall security posture, their specific breach response capabilities, and their understanding of and appreciation for privacy law and changing consumer sentiment on privacy. To do this, each year we will select five notable incidents from the past 12 months that represent different industries and different types of incidents, summarize the details, and provide critical lessons learned for S&R pros.