The CEO didn’t understand his own company’s compliance requirements. He delegated this, as many in business do, to his IT director. “Technology will fix this problem” is a common approach. But there are actually major problems with this all-too-common approach: The CEO’s IT director had actually made a good-faith effort to understand the regulations. He had implemented a number of changes to his team’s processes and procedures: new password rules, more detailed logging, database security changes.”]
Source: https://www.darkreading.com/compliance/can-t-fix-what-you-hide