Corporate compliance has many faces in many lands. Privacy laws have been legal fodder in Europe well before the U.S. paid attention. The U.S. lawyer vs. IT didn't really take off until after 9/11. The federal government rightfully realized that the Wall Street folks had woefully silly disaster recovery plans since their DR sites were three miles away. They wanted to make sure DR sites were far, far away and that there were more than one. They got banks and brokerage houses and other folks -- who have all the dough -- together and came up with grand plans that were promptly shot down because those folks were able to convince said government that doing the right thing wasn't technically feasible. So we did nothing.
That exercise opened up one bright lawyer's eyes however, and New York District Attorney Elliot Spitzer started realizing that some of those big companies might not have the best motivations for their behavior. He started calling people on the carpet for lying and cheating. He made things change because he made it very public when big companies did dirty things.
Then the politicians got back into it and started enacting laws. The Securities and Exchange Commission came up with a slew of broker/dealer laws in order to protect individual investors and keep people in the old-boy network from continuing to hand one another huge piles of money by cheating. Part of those laws required you to keep records -- no more pathetic "We can't do it" or "We tried our best" excuses. The lawyers on the good side put tougher laws in place to say, "Thou shalt keep stuff, electronic or other, so that we can see it when we think you're a lying dirtbag." The lawyers on the bad side then started making more money, first by trying to show their clients how to skirt the issue, and then by showing them how to comply.
There are now a zillion laws that affect IT. Most are around record retention -- making sure stuff is there when someone asks for it. They were a boon to the storage industry, and now in the computer industry not only do you have to keep stuff forever, but you have to do the heretofore unimaginable -- i.e., you have to find the stuff. Electronic discovery has quickly moved from a nice, quiet little service business to a huge market. Now that CEOs go to jail for being caught doing dirtbag things, most would rather avoid that fate. Not knowing is no longer a valid excuse. Not knowing gets you a new friend in a small room. Knowing, finding and proving is what matters. Fines are no longer slaps on the wrist -- they are millions and millions of euros, baby.
Wait until encryption is mandated by law. That will be another boondoggle for both lawyers and industry.