Law, authorization and rules of behavior
The law is only effective if the company has specific Rules of behavior AND Administrator RoBs. the Admin isnt going to get a separate permission every time they want to delete an extra file. The Admin RoB must specify 1 Thou shall do no evil; 3 You shall compy with Admin Policies and then 3- 25 (or 100) the rest of the specifics to do and other things that do need specific authorization (e.g. deleting all backups). And that any violation of can include termination, civil and criminal action against them. The wording may vary from state to state, but this is the basic premise. The RoB must be done because some employees are not on contractual obligation or may be unionized. Also the Admin RoB specifies adherence to Change|Configuration management s policies and procedures (i.e. nobody changes anything without written approval). And also compliance with Admin's policies noted above (the RoB may be a summary of the Admin's Policy manual). That is how to get a general or vague law to be effective.... And my guess is that this guy is going free if the employer company didnt do the policies and RoBs.
Biting the hand that feeds IT
