We need to insure that staff and faculty who have legitimate access to sensitive information are not both creating their own databases or spreadsheets on their local systems AND running P2P networking software. Here's how it burnt Pfzier: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9024491
Ideally, we need a comprehensive security and reporting strategy that both protects sensitive information and allows functional offices to deliver services.