Treat this as a prequel for my upcoming blog post called "Tales From 'A Compliance-First' World" (link TBA).
I am learning that many people really, really, really hate to be told that "they are not compliant" (when they are not, of course!) and such hatred goes down to a very curious level indeed ... almost all the way down to the good ole "scanless PCI" joke level.
So, here is an ultimate "how to make enemies and alienate people?" tip: tell them "YOU ARE NOT COMPLIANT!"