ii Journal of Regulatory Compliance Vol. I
exploration of what compliance means, both broadly for all regulated actors,
and more specifically within certain industries. ( 2) Discussion of
“regulations” to which actors must conform, particularly the unfolding of
new regulations which is not a weekly occurrence but a daily happening. ( 3)
Examination of how regulated actors manage their regulatory risk.
On these pages we will address both speculative and practical regulatory
compliance matters. We hope to advance the discussion of the themes to
benefit our readers and hasten a better understanding of how to manage a
world of rules.
The articles in this issue explore the question of “what is compliance” in
different ways. Some are theoretical and others work with concrete
regulatory obligations. The first essay by Jonathan Price is a reflection on the
core question of “what does it mean to comply with law?” Professor Price’s
piece sets the stage and tone for the Journal’s entire enterprise. He provides
both a sketch of legal theory related to obligation and offers an analytical
look at regulation. Interestingly, he explores these ideas in the context of a
slight reworking of Lon Fuller’s theory of the inner morality of law. The
second article by Jeremy Kidd dives more deeply into specific regulations,
using transportation industry rules to examine how regulatory attempts to
cure a market failure could lead to government failure. Professor Kidd uses
the concept of “government failure” in its term of art form (a term most
famously employed by Ronald Coase in the 1960s) with the idea that just as
the market may not achieve a desired social goal and “fail,” so too, a
regulation may not achieve its policy goal and may produce a negative wake.
After much investment in adopting a needed regulation and successfully
achieving compliance in the industry, it takes great courage to conclude the
rule doesn’t work.
The next two articles are paired together to examine law regulating the
protection of personal information. Stacey Tovino’s article tackles privacy
regulations obligating protection of individually identifiable health
information. Professor Tovino takes a practical look at a set of regulations
which seems to have set a course in which covered entities can successfully
protect the privacy of health information and achieve the goals of the law but
may be close to impossible to comply with the technical aspects of the rules.
Jacob Cilek’s article provides a complementary view on rules regulating the
security measures covered entities use to protect the privacy of personal
information. He examines regulations which are easy to comply with because
they are weak and outdated, particularly with respect to encryption. He
proposes an adjustment in security regulations protecting data to bring the
rules in sync with current technology. Both articles, in different ways, pose
important questions on whether existing regulations meet the reality of what
they seek to regulate.