Your laws on privacy are even more stringent than the EUs as far as I can make out.

I don't get what they get out of a policy like that, that's commensurate with the risk, no matter how careful they try to be.

What if an insider walked off with them, there's next to nothing you can do about that, apart from try and employ good people and cross your fingers real tight.

Unless it was a spoiler. IT didn't want to do it, so they set up the nastiest set of restrictions they could come up with to put people off?