Oooo. Sticky topic.
More so when you consider that in almost every case IT is looked at as a terrible burden. It's a cost center with little to no value in most organisations, excepting that it makes regulatory overhead slightly less burdensome. When regulatory burdens start creeping into IT, driving the costs up once more...
...yeah, lots of businesses just won't comply. The smaller your business, the more this regulatory burden will prove to be a barrier to entry into any market, yet the larger the business the more this regulatory burden is absolutely required.
One extra accountant, systems administrator or consultant for AT&T is less than a rounding error on the payroll. One extra accountant, systems administrator, or contractor for a 50 employee organisation can be the difference between profit and loss. The hell of it being that it’s the AT&Ts for whom these rules need to exist; while smaller enterprises make mistakes in data governance, the impacts of such are practically insignificant.
Plus, after making those mistakes, that small company isn’t around anymore. The AT&Ts of the world can do whatever they feel like, and nothing seems able to touch them.
So how to deal with this from an IT perspective? Formalise your operations and procedures so much that you end up requiring additional staff? Run your existing wetware harder until it burns out? Get an outside consultant who might or might not be trustworthy, but will most assuredly be expensive?
I am unsure there is a single “right answer.” The approach needs to vary with the details and culture of each organisation…but there comes a point where the regulatory burden on SMEs will be so much that many of them will simply be forced to close.
I wonder if maybe that’s The New Corporate Strategy for large enterprises. Cause such a ruckus that new regulations must be enacted. Then cause a ruckus to force the application of those regulations as broadly as possible so as to disproportionately burden smaller competitors.