It’s all the rage these days in some political circles to sign pledges. Special interest groups say to the candidates, sign our pledge and we’ll endorse you. Say that you pledge not to raise taxes, that you won’t support cap and trade, that you’ll wash your hands after using the bathroom, that you’ll brush after every meal. And woe be unto you if you refuse to sign my pledge.
I personally don’t like candidates who suck up and go along with this because, let’s say you sign one of these things and actually become president. You either:
1) Have turned over your presidential powers to some special interest because of a piece of paper, or
2) Ignore the thing later and show you were only pandering in the first place.
Well, call me a hypocrite. Because here’s the one pledge I wish people WOULD take. And that is to not cop out when it comes to compliance. And here’s what I mean.
Modern regulatory compliance, the kind with actual teeth, was created as a response to some serious boo-boos. If people had been more vigilant to begin with, or in fact had simply done their jobs right, some compliance laws might never have been enacted. So sure, maybe it’s a good thing that we got the wake-up call, but it’s a shame that it was necessary.
The origins of Sarbanes-Oxley? Ugly story. HIPAA? Good story, just (IMHO) slowly and weakly implemented. We’re too nice in the USA. Here’s a new law, we’ll give you until the cows come home to comply. In India, in Germany, get with the program, or really bad stuff happens. THAT is how it should work.
But plenty of organizations will say, we don’t have to be compliant. We’re not public. We don’t report anything. Our parent company doesn’t demand audits. None of our subsidiaries amounts to more than 1 percent of our total revenue. We all wear tinfoil hats here. Whatever. In other words, we don’t need to pass audits or be compliant.
This is where your partners, customers, suppliers, vendors, etc. need to kick in. You’re not compliant? Well, if you want to do business with ME, you’d better be.
My opinion is, why wait? A large food company, a customer of mine years ago, didn’t wait to be told they needed to get those processes in place. They didn’t wait for various provisions of a particular law to kick in over years’ time. They took some people offline, spent some budget, built the processes and reporting, and put some individuals in positions to drive compliance and audit support. No mad scramble later. It was all forethought, it was economical, and I’m sure somebody got a bonus for it.
Fine, don’t call it compliance. Call it security. Secure your database. Encryption.
You’re privately held? Yeah, well, at some point you’re going to be on the hook. Hook yourself, at least a little, right now, before somebody hooks you later.