Regulations and Responsibilities, not gone, but perhaps forgotten?

PCI DSS, Data Retention, IPND, GDPR, ISO

All these acronyms of responsibility. Which apply to me? Which am I _required_ to do?

When a new regulation comes along, especially one that comes with a budget and a compliance date, everyone springs to action.

  • Governments/Entities create regulations and legislation to suit
  • Clients analyze their exposure and cost of compliance
  • New businesses emerge to address the requirement
  • A sense of urgency is created to ‘catch the wave’

Much like the marketing models that describe market exposure and the transition from ‘Early Adopters’ into the ‘Mainstream’, most of the attention paid to regulations such as ‘Data Retention’ seems to have stagnated in that ‘Early Adopter’ phase and disappeared into the ether!

You would be forgiven for thinking that these ‘fly-by-night’ companies were only after the ‘compliance grants’ that you were given when the regulation came along. See Data Retention – Industry Grants.

The total amount provided by the government for Data Retention under this scheme was $129,000,000.00.

Now that the funding has dried up, where are these ‘helper’ companies now?

The difference between the marketing model and the regulation/compliance model is that the transition to the mass market is unavoidable. Even though the streamers and balloons have been put away, these rules are forced into the ‘mainstream’ and cannot be forgotten.

Data Retention, IPND, PCI, ISO and more were not built to be popular; they were put together to address a real-world concern, generally protecting people in one form or another. It is your social and legal responsibility to ensure you comply with these rules, or you put your business, or people, at risk.