A lasting lesson from two major data breaches at Yahoo! goes directly to the issue of GC responsibility. The company’s own 10-K filing found in-house legal had failed to pursue a breach that had occurred two years before it was reported. A clear lesson is that information security needs to be a high-priority collaborative effort, involving IT, major business unit representatives, HR, corporate communications, internal and security experts and in some cases outside consultants. The authors of this Today’s General Counsel article make the case that in most organizations the general counsel is best positioned to be the this group’s leader.