Re: You can't do that
I'll agree with UKgnome. 99% of the "compliance issues" I've seen have had nothing to do with actual legal compliance, mostly "But our security people said......" compliance. That said, there are unfortunately some security types that have been handed a mandate, and thus have become bulls in the proverbial china shop.
On the other side, I've mined data out of application transaction streams that was blatantly clearly violating essential security rules and had the app team come back with "Oh, no, there is no such data in our application, you must have seen something else." For MONTHS after the fact. Only to have the DSS third party analysis agree with my findings.
Most of the Sysadmins I've met have the little grey cells to read the law so that they have a chance. Few of them are willing to stand up and wave the document around, I suspect due more to the current atmosphere in IT than anything else.
I'm seeing more "dont rock the boat" attitude lately than I've seen in years and I'm not 100% sure *why*.
Mines the one on the far side of the canoe, hold on while I stand up and grab it.