Topics | Spoiledlunch

Start here

Read this beat in order

Start with the pieces that explain how governance theater forms, then move into the essays that show where evidence, ownership, and control design actually break.

Step 1

The SOC 2 Compliance Cargo Cult

April 18, 2026 / 7 min read

The cleanest entry point into the site’s anti-ceremony stance on compliance and control programs.

SOC 2 compliance has become a cargo cult ritual in enterprise security. Organizations implement the ceremonial controls, follow the prescribed procedures, and wait for …

Start here

Step 2

Compliance Exceptions Tell You More Than Controls

May 26, 2026 / 4 min read

A sharper view of where control programs reveal the truth once the green boxes stop flattering anyone.

Organizations love to report passed controls because passed controls are flattering. They suggest order. They suggest repeatability. They suggest that the environment …

Start here

Core threads

What this beat keeps arguing about

Questions

Start with the pressure points

Which controls are real operating constraints, and which ones are just well-documented beliefs?
Where does evidence prove execution instead of merely proving preparation?
What stays unresolved because the program can record the problem without forcing a decision?

Article

The SOC 2 Compliance Cargo Cult

April 18, 2026 / 7 min read

SOC 2 compliance has become a cargo cult ritual in enterprise security. Organizations implement the ceremonial controls, follow the prescribed procedures, and wait for security to magically …

Read analysis

Brief

EDPB Sharpens Research Guidance and Speeds Up Anonymisation Work

April 16, 2026

Summary: EDPB used its April plenary to tighten guidance on scientific-research processing, accelerate anonymisation work, and approve a new …

Read brief

Brief

FTC Targets Noncompete Agreements in Pest Control Enforcement Action

April 15, 2026

Summary: The FTC ordered Rollins to stop enforcing noncompete agreements against thousands of workers and paired the action with warning …

Read brief

Brief

FTC Bars Forever Living From Deceptive Earnings Claims

April 14, 2026

Summary: The FTC settled with Forever Living and its operators, permanently barring deceptive earnings claims and reinforcing that …

Read brief

Brief

EDPB Annual Report 2025 Highlights the Board's Enforcement Priorities

April 9, 2026

Summary: EDPB’s 2025 annual report summarizes the board’s guidance, coordination, and enforcement priorities, giving privacy …

Read brief

Brief

EDPB Publishes One-Stop-Shop Digest on Legitimate Interest

March 26, 2026

Summary: EDPB published a digest of one-stop-shop decisions on legitimate interest, giving privacy teams a clearer signal on how regulators …

Read brief

Article

Framework Alignment Is Not a Security Outcome

March 25, 2026 / 6 min read

NIST CSF Implementation Tier 3 means the organization has “risk-informed” practices that are regularly updated and partially integrated across the enterprise. That is what the …

Read analysis

Brief

EDPB conference on cross-regulatory cooperation: what we learned

March 24, 2026

Summary: EDPB used its March conference to press for deeper coordination between privacy regulators and adjacent EU authorities, signaling …

Read brief

Brief

NIST Releases CSF 2.0 Quick-Start Guides for ERM and Informative References

March 23, 2026

Summary: NIST announced two Cybersecurity Framework 2.0 quick-start guide updates on March 23, 2026. The agency released the final SP 1308 …

Read brief

Brief

EDPB and EDPS Back Stronger EU Cybersecurity Rules While Guarding Personal Data

March 19, 2026

Summary: EDPB and EDPS issued a joint opinion on the Commission’s CSA2 and NIS2 proposals, arguing the EU can streamline cybersecurity …

Read brief

Article

Board Reporting Is Broken When Every Risk Is Medium

February 25, 2026 / 5 min read

The risk register that comes out of a mature GRC program should tell the board something true about the organization’s exposure. Too often it tells them something comfortable instead. …

Read analysis

Brief

EDPB Sets a 2026-2027 Programme Focused on Compliance and Regulatory Coordination

February 12, 2026

Summary: The European Data Protection Board adopted its 2026-2027 work programme on February 12, 2026. The programme emphasizes making GDPR …

Read brief

Other beats

Explore another topic

Topic

Security

Topic

Privacy

National Internet Safety Month

Source Information

GRC

Read this beat in order

The SOC 2 Compliance Cargo Cult

Compliance Exceptions Tell You More Than Controls

What this beat keeps arguing about

Start with the pressure points

The SOC 2 Compliance Cargo Cult

EDPB Sharpens Research Guidance and Speeds Up Anonymisation Work

FTC Targets Noncompete Agreements in Pest Control Enforcement Action

FTC Bars Forever Living From Deceptive Earnings Claims

EDPB Annual Report 2025 Highlights the Board's Enforcement Priorities

EDPB Publishes One-Stop-Shop Digest on Legitimate Interest

Framework Alignment Is Not a Security Outcome

EDPB conference on cross-regulatory cooperation: what we learned

NIST Releases CSF 2.0 Quick-Start Guides for ERM and Informative References

EDPB and EDPS Back Stronger EU Cybersecurity Rules While Guarding Personal Data

Board Reporting Is Broken When Every Risk Is Medium

EDPB Sets a 2026-2027 Programme Focused on Compliance and Regulatory Coordination

Explore another topic