Yesterday a client rescheduled a meeting because "the State" showed up to audit their medical operations. State of Ohio regulators conduct spot visits in this industry on a spontaneous basis. When they come in, typically unannounced, everything stops so that they can conduct their spot audit.
"Hi, I'm from the <FTC/HHS/DHS/ETC> and I need to see your log files and your patch management reports ... "
Do you think information security and privacy compliance will ever get to that point?