Most of the clients that we work with are just starting to breathe a little easier, having put the appropriate compliance measures in place to satisfy the last regulation that was mandated.  SOX, PCI, state-specific data privacy acts, HIPAA, GLBA.  The undertone to all of these regulations is confidentiality, availability, and integrity, and includes minimizing the risk of exposing data that is personal and confidential and assuring that data is not compromised, maliciously or otherwise.  I suspect that the latest financial failures and alleged Ponzi scheme on Wall Street will lead to yet more stringent guidance on data risk reduction and another round of IT measures will be required.

As the custodians of the data, IT can and should continue to get better at mitigating risk and safeguarding data.  But it is important to note that assuring data integrity, availability and confidentiality will not take the place of the personal integrity and transparency that cannot be enforced through technology.  What are your thoughts?