“A burglar steals an unencrypted powered-down laptop containing PII and is immediately hit and killed by a bus. Data breach?” as more laws are passed there remain many difficult questions to answer. this panel will try. come see opposed minds in the industry debate the ethics and economics of incident response and related regulations. we will debate things like: have the past 10 years of breach legislation helped or hurt our efforts in information security? when is a breach really a breach? is it wrong to say “any loss of control is a breach and must be reported?” do you agree there “no safe harbor for encryption?” is it “unduly costly on society” if our breach definition is too broad?