Re: Here's a question:
I have to agree - this is EXACTLY what data protection laws are for.
To stop your data wandering off because a rogue employee left a company that was storing it.
To stop your data being sold off to the highest bidder against your will.
To stop your data becoming front-page news because the ISP got a virus, etc.
To stop your data being shown on the receptionist's screen and visible to all for no good reason when you walk in for your business appointment.
Not a technical measure, but a legal one which is generally enforced by technology.
I work in schools. In my workplace, I ban anything USB being plugged in. More for viruses (as they are a data protection nightmare, and a nuisance), but also so you can't just copy kids data, take it home, drop the stick somewhere and little-johnny-who's-son-of-a-celebrity has his home phone number put on Twitter.
We also filter web access for child protection and for data protection reasons. You shouldn't be using GMail/Yahoo/whatever for business purposes, so access to them is monitored, recorded, filtered, etc.
Data Protection is EXACTLY this. Stopping data getting into the hands of someone who DOES NOT NEED IT. That's the entire purpose of data protection. Theoretically, even allowing someone access to a password which could - in theory - let them access data they have no need for in their job is a data protection violation. Read the law, then come back.
This is EXACTLY what Data Protection is.