Food regulations work. Data security regulations don't. Why? Because food safety is a pretty static practice. It doesn't change that often. But software is dynamic. New vulnerabilities and breach techniques come out faster than the speed at which politicians can regulate them. Its a cat and mouse game and government is a really slow and fat cat.
Yea, I hear this all the time. The problem is the things I see attacked are not cutting edge new exploit types invented in the last week, it's the same damned things that we've been fighting the last few decades.
That's the main reason to not use these services. Regulations are in place but companies ignore them. How, exactly, are regulations protecting you when companies refuse to implement any security measures?
You don't find out they've ignored the regulations until its too late.
