Its not that I am categorically against the idea of law, but I am convinced that your typical corporate counsel is more motivated by personal convenience than by a sense of organizational proportion.
I recognize why virtually every organizational IT policy has the requirement “you must obey the law”, but I question the utility of it.
Has there EVER been a documented case in which an organization managed to protect itself by placing this bit of legal voodoo inside their end user or acceptable use policy? Has there EVER been an example of a company that actually could NOT discipline an employee who significantly broke a law through some IT-related activity, just because they had not proactively taken the time to write a generic policy against illegalities?
I’d love to see some case law on this one.