
There are really two different groups of compliance programs: privacy compliance programs like GDPR and CCPA, and security compliance programs like SOC2, PCI and HITRUST. What's been happening over the last few years is that some of these security compliance programs like SOC2 or HITRUST are adding privacy concerns (usually as optional components) so that companies can do one audit for everything instead of doing multiple audits.

As I once heard a lawyer explain, laws, regulation, compliance are mostly like software: created by hardworking individuals to be as accurate, fair and efficient as possible. She mentioned that the primary difference compared to software development is feedback from compiler, automated tests, telemetry, user feedback, etc.

So, complying with CCPA, GDPR, SOC2, PCI, HITrust is like running your code on 5 different platforms, none of which were tested during construction.

