PCI. HIPAA. CFPB. We're KILLING small businesses with over-regulation in the name of security, while turning a blind eye to the fact that the cost of over-regulation is doing more harm than good, distracting business owners from realistically focusing on the risks that apply to their companies. It's time to have an open, honest conversation about a "common sense" security framework.