One of an IT department’s responsibilities is to keep people from harming themselves. In some ways, IT is the digital version of OSHA. Instead of keeping ladders from falling on people and boilers from exploding, IT keeps people from getting hacked or from letting people lose track of which of the seven versions of a document people really wanted. Problems appear when an organization tries to use IT to implement safeguards against liability. Liability is a legal issue, not a technical one. For the same reason passwords got co-opted for security purposes when they were originally intended for identity differentiation purposes, legal departments say, “Hey, we can keep people from doing dumb stuff and getting us sued” when in fact people are not doing dumb stuff. Legal just wants the easiest way to mitigate liability. That intention isn’t wrong, but rather misplaced.