SharePoint: There's compliance, and then there's Compliance

Much of the SharePoint world thinks about compliance in this way:

http://corebix.com/put-your-trust-in-sharepoint-an-in-depth-view-of-compliance-features

The issues discussed in the article are entirely valid: records retention, versioning, auditing of document lifecycles, and related concerns. Great stuff. But the punch line, "You are in full control and with the advanced compliance options above, you can put your trust in SharePoint 2010," is more than a little naive, and it minimizes the bigger Compliance issues facing SharePoint users. There are a host of common SharePoint use cases where Compliance flat out isn't possible with out-of-the-box SharePoint controls alone.

If your SharePoint users are using the platform to store any of these data types...

Cardholder data (credit and debit card numbers and related authentication data)
PII (personally identifiable information)
NPI (nonpublic personal information about financial services customers)
EPHI (electronic protected health information)

...then Compliance for SharePoint is a different kettle of fish for you, one driven by external regulations rather than by your own records policies, such as:

PCI DSS
40+ State data breach laws
GLBA
HIPAA/HITECH

Understanding the compliance impact on your SharePoint site starts with understanding what content your users are actually storing in it. If your users treat SharePoint as a place to store and share regulated data, then your Compliance obligations likely require a host of security controls beyond retention and versioning: audit trails and system activity reports showing who accessed which records and when, network security measures that isolate the SharePoint servers and databases from untrusted networks, and encryption of stored content (the databases and backups, not just the connection to the browser). None of these come switched on by default, and the last two are not SharePoint features at all; they are platform, database, and network controls you have to design around SharePoint.

JD
