Skip the navigation

Compliance Headaches

A patchwork of inconsistent and vague laws make it tough for IT to do the right thing.

By Mitch Betts
March 15, 2004 12:00 PM ET

Computerworld - I admit it: I was a policy wonk. As this newspaper's Washington correspondent many years ago, I covered literally hundreds of congressional hearings -- many of them about privacy. I had my nose in the fine print of the Federal Register and the Congressional Record. I huddled with anonymous congressional staffers to get the latest markup drafts of bills in subcommittee. I used to be able to quote key passages from my dog-eared copies of the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act. I sat in the Capitol galleries and watched votes for landmark legislation.

And I was naive. I thought that the young staff attorneys drafting the legislation knew what was best for the country. I scoffed at industry complaints about various provisions being too hard to implement. Businesses also feared a hodgepodge of privacy laws across the 50 states, but I was skeptical of arguments for federal preemption of state privacy laws.

Older and wiser now, I know that those inconsistent and vague laws can make it tough for IT managers to comply even when they truly want to. The best intentions of those young staff attorneys can cause serious headaches for business folks outside the Capital Beltway, as the first story in this special report shows.

I still think policy-makers do the best they can when they write the laws. But I've learned that the law of unintended consequences is the most powerful law of all.

Mitch Betts is Computerworld's Features editor. Contact him at mitch_betts@computerworld.com.

Read more about Security in Computerworld's Security Topic Center.



Our Commenting Policies