I have an encryption talk that I give and usually find a few people in the audience that have implemented encryption. In almost every case this has been because of PCI or HIPAA regulations that dramatically reduce penalties if data is encrypted. Whether you agree with the regulations or not isn't important. There are rules that some of us have to follow because of our data and my guess is that the number and scope of those rules will increase in the future.

If you are covered by HIPAA law, you may have gotten some increased scrutiny this year. There are audits underway from the Office of Civil Rights (OCR) for 115 organizations that will help them to ensure they comply with regulations. Penalties aren't supposed to be assessed unless there are serious violations, but starting in 2013, the Health Information Technology for Economic and Clinical Health (HITECH) Act requires that the auditing program will be enforced with surprise audits.

Read the rest of "Regulators, Mount Up" at SQLServerCentral.