Quote:
Originally posted by mikester
The data I have to worry about has to be protected by law. We have to meet certain requirements - basicall those requirements amount to a good defense in court.
|
I don't do network security, but I often advise my boss on legal issues. When it comes down to one of these cases where the two of us disagree, I have a special "CYA Log" that I write stuff like this down in. "At time/date, I advised my boss that the intended course of action would likely result in legal action being taken against us." Your boss is your boss, and will do what they want to do -- if they want to release a piece of software that doesn't comply with the legal requirements, it isn't, ultimately, your call. Your responsibility is to ensure that your boss understands the requirements, understands that the requirements are being violated, then note it down so if it comes up later you're covered.
Or maybe I've misunderstood the whole thing, and my answer is only applicable to military-types.
Dan