This article about the government’s opinion on P2P networks (they claim it is the cause of sensitive gov’t data being disclosed and is thus evil) is exactly what I thought when I first heard this story today. The use of P2P networks and applications is not the issue here. The issue is data protection and system control. Don’t let your organization-owned systems have P2P software on them (there are plenty of ways to tackle this both on the systems and the network!). And keep track of your data so people don’t bring it home and put it on little Stacy’s computer running 3 default all-shared P2P apps 24/7. Pound in that this activity is against policy. Stop slapping wrists and start meting out real punishments to the employees for such violations.