Why is there no policy in the government that means his use of another company to remove data from his system was an automatic breach with serious consequences. I have implemented that policy in my company, namely don't install unapproved software or attempt to change any setting at all without IT approval.