|
|
|
|
|
|
by sandworm101
3769 days ago
|
|
|
A successful startup is one that has grown rapidly in recent years. No growth = not successful, and not recent = not a startup. Any tech company that grows quickly starts bumping up against any number of compliance issues, both legal (ie HIPAA) and private (ie PCI). Today's growth curves don't keep pace with many of these regulations. As you expand laterally into new markets you constantly run into new obligations. And as you expand vertically (increased sales) you trigger new expectations, especially the PCI DSS. The chances of anything rationally called a startup having accommodated these things is astronomically low. Ask any tech lawyer to list all the laws applicable to a startup. Bring a lunch. Until a company has devoted resources (ie a full-time compliance team including lawyers) and has a decade or so of experience with the relevant rules, imho proper compliance is a pipe dream. At best you can hope to keep the wolves away long enough to get whatever they want ready asap. Anyone here working at a startup, just have a look at the PCI DSS, specifically the SAQ you are meant to fill out every year (if you handle credit cards). And this is basic compliance 101 stuff, no lawyers required. https://www.pcisecuritystandards.org/documents/SAQ_D_v3_Merc... |
|
|
They had people selling health insurance without a license. This isn't just a failure to sit through the "don't bribe foreign officials" training.