Regulatory and industry IT compliance initiatives generally involve security, but those who implement compliance and those responsible for enterprise security are often different people. Compliance responsibility is often spread among the legal department, privacy officers, audit, human resources and, of course, IT security. IT needs to take on the mantle of compliance responsibility, expand its mindset to include compliance. Technology needs to embrace regulations and contracts as legitimate security requirements, and work with compliance to find solutions to compliance problems and simultaneously achieve operational security goals.”]