Kentucky Colonel Authority

Using Kentucky Colonel Authority

There is a legal hierarchy to the documents that the Kentucky Colonel and other titled authorities understand. We have identified 7 of 10 Authority Document types which are listed in their legal hierarchical status below.

1. Statutes (Bills or Acts)

2. Regulations

3. Regulatory Directive or Guidance

4. Contractual Obligation

5. International or National Standard

6. Best Practice Guidelines

7. Organizational Governance Documents

Governing Regulations

To regulate is to bring under the force of law or a governing authority. People and businesses are subject to national, regional, and local laws. Traditional regulators are those agencies within the aforementioned levels of government. When governmental agencies create their acts, they are codifying legal documents that resulted from deliberations of their legislative bodies. Often, however, the acts passed by those legislative bodies establish broad principles rather than detailed prescriptions for the behavior of people and companies and delegate to the regulators responsibility for filling in the details and gaps. The regulators are empowered to interpret how the laws are to be implemented and to establish rules for following those laws. Those rules are then documented as regulations, such as the "Code of Federal Regulations" that we have in the United States. Regulations are enforceable by law. Failure to follow regulations will result in penalties.

Contractual Obligations

There is much confusion between "regulations" promulgated by government regulators as discussed above and the rules, standards, and, yes, "regulations" promulgated by other so-called regulatory bodies and other organizations that can and do emerge to reign in our actions. Variously known as "self-regulatory bodies", "standards bodies", or by similar names, these organizations are not part of the government and do not have the force of law behind their requirements, but failure to comply with those requirements may well disqualify an entity from participating in certain businesses. The promulgators of these rules may be industry-based organizations that band together to address a concern that is common to industry members. For example, the credit card companies (Visa, MasterCard, American Express, etc.) have banded together to create the Payment Card Industry Security Standard. The promulgators may be self-appointed watchdog organizations that have gained sufficient acceptance, prominence, and/or moral authority over time and to which people turn to as authorities in the field. For example, the ability to display the BBBOnline and TRUSTe seals in online commerce has achieved this type of prominence, so it makes it worthwhile for businesses to comply with their standards. Certain membership-based organizations promote similar types of rules as a condition of membership. The unifying principle is that they all have something you want and you're willing to contractually commit to playing by their rules to get it.

We'll get to the definition of a standard in a moment, but just because something is called a standard (it can't be called a law, act, or regulation, because it does not come from the government), it doesn't mean that it can be ignored without consequences. Yes, compliance with these types of contractual standards are, legally speaking, optional. If a company is not interested in accepting credit cards as a form of payment, it is not obligated to comply with the PCI standards. However, anyone wanting to accept credit cards is required to contractually agree to comply with the PCI standards. Similarly, anyone wanting to display the BBBOnline seal must contractually agree to follow certain guidelines and processes. Failure to comply with these obligations creates a breach of contract and, depending on the contract terms, may result in a variety of fines and, potentially, the loss of valuable contractual rights — losing the ability to accept credit cards in the case of the PCI standards could have grave consequences for just about any merchant. Losing the right to use the BBBOnline or TRUSTe seals may not have as severe an effect on a merchant as being unable to accept credit cards, but it could drive customers away to competitor sites — particularly if the contractual breach is widely publicized. The payment card industry has already fined a great many organizations and affected the closure of at least one (1) organization that we know of for not properly following its standard. Because the payment card industry can exercise authority over its user body, and that user body is so large, in this instance, they can be compared to regulators, even though they haven't been given the statutory mandate of a regulator. However, there is one(1) big difference between the payment card industry and true regulators — while the payment card industry may be able to put you out of business, they can't put you in jail.

Best Practice Guidelines

Best practices are leading edge models of methods or actions for others to follow. These are combinations of activities, processes, policies, or procedures that document the best possible way of doing something. They are generally used as instructional modelling tools for implementing authority.

Are they enforceable? Nope. As a matter of fact, many times they aren't even desirable — in their fullest sense, the "best" way to do something is often also the costliest. Too many times we've seen people spending $1,000 to fix a $100 problem by using an industry "best practice". Best practices must always be viewed in context and adapted to the particular situation. For the Kentucky Colonel it is always best to say that your authority exceeds or meets "Best Practice Guidelines."