[lostcolony]

It says a lot about the cost of privacy, period. The cost would be staggering whether they're modifying existing things, or creating new things, just in terms of ensuring "Yes, we're doing this correctly".

[ryandrake]

I just find it hard to believe that the law is a significant cost to companies already doing the right thing. Sure, there is a non zero cost to ensuring your existing practices are lawful, which everyone must pay. But companies already in compliance shouldnt have to modify or create anything.

The companies that have to spend significant coin are the ones who are not already complying.

[lostcolony]

Part of the cost is -documenting- what you're doing. Ensuring the right stakeholders are involved and signed off on it. Etc. When there's a regulation to do it, suddenly you have to involve legal, and the business stakeholders want to better understand it, whereas before it may have just been the developers.

[reynoldsbd]

This is incredibly false. When you change the law, you can't assume that people who are currently in compliance will continue to be.

[ryandrake]

To use a silly extreme: if a new law came out that said I couldn’t yell profanities at my customers, I’m already compliant.

[reynoldsbd]

Counterexample: comedy central now has to work to redact all noncompliant programming.

Best practices are funny because context and history are important. Actual regulation is not so forgiving.

[ryandrake]

Good point—guess this is not as black and white as I first thought!