It is, and they are. There is a wide variety of governmental standards programmers have to follow in a wide variety of industries (healthcare, education, banking, defense/military, etc.) and programmers manage not to bribe their way into total control of the government because being a good citizen is too hard.
Having regulators with interests that diverge from people in industry is exactly the point; the things they are doing are often dangerous, reckless, and careless. It does not matter if it's "standard industry practice" or part of the "byplay common in the industry day-to-day". In fact it's crucial that regulators ignore this; we didn't particularly care that it was commonplace to put asbestos or lead in products when it started killing people, we just stopped it.
I don't care if it's "commonplace in the industry" to hash passwords with MD5 and leave a telnet port on the database server open to the Internet. It should be criminal because of how careless it is with people's personal data and I wish there were more regulators in the IT industry to come down on people who do it.