Every professional firm that handles client data has regulatory obligations for how that data is stored, retained, and protected. But for most small and mid-sized firms, the IT environment tells a very different story than the compliance policy on the shelf.