The Fickle Nature of Compliance

Changing rules mean taking charge of compliance for yourself.

Every organization, regardless of type, needs to be aware of the rules and regulations they operate under. However, change is inevitable and even though governments can be slow to catch up, legislation does eventually evolve. When changes do happen, they’re usually accompanied by announcements and press releases. For example, changes to PCI-DSS, PIPA/PIPEDA, and FOIP compliance standards can seriously impact organizations that keep personally-identifiable information about customers or rely on online payment processing, and so are often accompanied by some lively fanfare to catch people’s attention.

But before you go and start setting alerts for news updates about cybersecurity compliance, it’s important to remember that these announcements are often only courtesies. Ultimately it’s up to each organization to ensure they’re meeting new minimum standards, and claiming you didn’t know about a change because there wasn’t a press release isn’t an argument that’s likely to stand up in court if something does happen as a result of failing to comply. For business operators, it’s essential to not only understand those rules but also periodically check up on them.

Check out—don’t chuck out—your compliance news sources.

It’s also important to not dismiss potential sources of information out-of-hand. For example, we recently received reports from a client about some advertising and sales spam. However, this particular email began in a strange way. It was just a few sentences about a change to the rules for federally-regulated organizations requiring them to provide feminine hygiene products in washrooms and supposedly taking effect on December 15 this year (2023), followed by a few purchase links but no references. At first I simply dismissed the email as the spam it was, but the lack of any reference to the rules kept bugging me.

So I did some sleuthing and googled the date and topic, and what do you know, they were telling the truth; federally-regulated organizations will indeed be required to provide pads, tampons, and other feminine-hygiene products starting December 15.

To be clear, there’s no question the email was sales spam, but remember that the most effective scams often aren’t complete fabrications. They use real-life situations, like a natural disaster or COVID-19, as leverage to make sales. It’s a scummy tactic, but on the plus side it helped raise awareness about the upcoming change. It just goes to show how you can glean useful information about important topics from even the most unlikely sources.

This week’s Shakespeare quote comes from The Tempest: “We are such stuff as dreams are made on.”

If you’d like to learn more about maintaining compliance, or about how outsourcing compliance tasks to qualified experts can save you time and anxiety, contact a TRINUS professional and get some stress-free IT.
