Jay Heiser

A member of the Gartner Blog Network

Research VP
6 years at Gartner
24 years IT industry

Jay Heiser is a research vice president specializing in the areas of IT risk management and compliance, security policy and organization, forensics, and investigation. Current research areas include cloud and SaaS computing risk and control, technologies and processes for the secure sharing of data…

Has ‘you must obey the law’ ever actually worked?

by Jay Heiser  |  June 19, 2012

It's not that I am categorically against the idea of law, but I am convinced that your typical corporate counsel is more motivated by personal convenience than by a sense of organizational proportion.

I recognize why virtually every organizational IT policy has the requirement “you must obey the law”, but I question the utility of it. 

Has there EVER been a documented case in which an organization managed to protect itself by placing this bit of legal voodoo inside their end user or acceptable use policy? Has there EVER been an example of a company that actually could NOT discipline an employee who significantly broke a law through some IT-related activity, just because they had not proactively taken the time to write a generic policy against illegalities?

I’d love to see some case law on this one.

Category: Policy risk management