Not that simple. There are tons of rules and regulations businesses may have to follow. Some data may never leave company premises. Some data may never leave the room it exists.
if data can't leave the room and it's on your network, you are in violation of that policy whether you have an intranet or an internet.
security policies like those are stupid, and an artifact of a time before networks. we shouldn't have to build our networks around outdated policies, security policy should be built to accommodate the technologies of the time.
