Compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that corporations or public agencies aspire to achieve in their efforts to ensure that personnel are aware of and take steps to comply with relevant laws and regulations.
Due to the increasing number of regulations and need for operational transparency, organizations are increasingly adopting the use of consolidated and harmonized sets of compliance controls. This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources.
Data retention is a part of regulatory compliance that is proving to be a challenge in many instances. The security that comes from compliance with industry regulations can seem contrary to maintaining user privacy. Data retention laws and regulations ask data owners and other service providers to retain extensive records of user activity beyond the time necessary for normal business operations. These requirements have been called into question by privacy rights advocates.
Compliance in this area is becoming very difficult. Laws like the CAN-SPAM Act and Fair Credit Reporting Act in the U.S. require that businesses give people the “right to be forgotten.” In other words, they must remove individuals from marketing lists if it is requested, tell them when and why they might share personal information with a third party, or at least ask permission before sharing that data. New laws that demand longer data retention despite the individual’s desires can create some real difficulties.
Regulation is the promulgation, monitoring and enforcement of rules. Regulation creates, limits, or constrains a right, creates or limits a duty, or allocates a responsibility. Regulation can take many forms: legal restrictions promulgated by a government authority, contractual obligations that bind many parties (for example, "insurance regulations" that arise out of contracts between insurers and their insureds), self-regulation by an industry such as through a trade association, social regulation (e.g. norms), co-regulation, third-party regulation, certification, accreditation or market regulation. In its legal sense, regulation can and should be distinguished from primary legislation (by Parliament or elected legislative body) on the one hand and judge-made law on the other.
Regulation mandated by a state attempts to produce outcomes which might not otherwise occur, produce or prevent outcomes in different places to what might otherwise occur, or produce or prevent outcomes in different timescales than would otherwise occur. In this way, regulations can be seen as implementation artifacts of policy statements. Common examples of regulation include controls on market entries, prices, wages, development approvals, pollution effects, employment for certain people in certain industries, standards of production for certain goods, the military forces and services. The economics of imposing or removing regulations relating to markets is analysed in regulatory economics.
Regulations, like any other form of coercive action, have costs as well as benefits. Efficient regulations can be defined as those where total benefits exceed total costs.
Regulations can be justified for a variety of reasons, including:
- Market failures - regulation due to inefficiency. Intervention due to a classical economics argument to market failure.
- Collective desires - regulation about collective desires or considered judgments on the part of a significant segment of society
- Diverse experiences - regulation with a view of eliminating or enhancing opportunities for the formation of diverse preferences and beliefs
- Social subordination - regulation aimed to increase or reduce social subordination of various social groups
- Endogenous preferences - regulation's purpose is to affect the development of certain preferences on an aggregate level
- Irreversibility - regulation that deals with the problem of irreversibility – the problem in which a certain type of conduct from current generations results in outcomes from which future generations may not recover at all.
- Professional conduct - the regulation of members of professional bodies, either acting under statutory or contractual powers.
- Interest group transfers - regulation that results from efforts by self-interest groups to redistribute wealth in their favor, which may be disguised as one or more of the justifications above.
The study of formal (legal and/or official) and informal (extra-legal and/or unofficial) regulation constitutes one of the central concerns of the sociology of law. Legal sociologists have in particular been interested in exploring the limits of formal and legal regulation in changing patterns of social behaviour.