Abstract: This chapter explores the attributes of compliance in the context of data breaches. First, it identifies the sort of corporate governance problem that data breaches create. Then, it approaches the empirical work related to data breaches and to the organization of compliance-based responses in terms of risk assessment, training, and compliance, both preemptively and after a breach. Next, the chapter discusses the extant theoretical and empirical evidence about the short- and long-term impacts of IT security events on breached firms as well as corporate governance issues relating to data breaches. It also examines studies that evaluate the impact of different types of event on various types of firm and stakeholder. The chapter also explores how data breaches impact broader issues of corporate governance and compliance. In the end, it identifies potential research questions and avenues for future researchers on how firms or governments might have to think about their IT security investments and the necessary measures that have to be in place to respond effectively if such events occur.