You can always tell *who* wrote a piece of legislation (or rather, who contributed to writing it) by looking at the language. You can tell this piece was written by people who have a vested interest in keeping themselves shielded from the nuisance of compliance violations by reading the hard language that is used in the document. Essentially, in order to make any sort of fine or penalty count (a real cost that would be felt), there have to be more than 500 records lost and there has to be proven willful neglect.
"(c) NONCOMPLIANCE DUE TO WILLFUL NEGLECT.— (1) IN GENERAL.—A violation of a provision of this part due to willful neglect is a violation for which the Secretary is required to impose a penalty under subsection (a)(1)."

Has anyone ever tried to prove, beyond the shadow of a doubt, "willful neglect"? The term willful neglect means that someone has to prove that the entity in question willingly did not take precautions to avoid the possible breach. All a company has to do is a ridiculously small amount of work and then justify not doing more, and magically they can be shielded from the willful neglect persecution.
This is incredible! How is it that anyone is expected to be held accountable when there is enough wiggle room in the enforcement section of the compliance regulation to drive an 18-wheeler through?
I guess all I can say is that this is quite typical of the government's regulations. Look at SOX, or some of the other regulations that have come from the government - they're terrible! Any company with a half-decent lawyer will figure out a way to get around this... I can't wait for the first case to be brought up.