MER Conference: Defining “Reasonable Security Measures” When it Comes to Data Protection