I'll give you a two-part answer, if I may.
I think a lot of the protocols today are not unreasonable, but having a protocol or a policy is only as good as its operationalization. It's only as good as its application.
A lot of the rules that were in place at the lab—and I confess I haven't read them all—were not unreasonable. Access controls, how you ship things and not using your personal IT are all entirely reasonable, but it would seem they were not obeyed. I would start from the premise that you take the rules you have today and you take steps to ensure they're followed.
Given what you've said and what Mr. Cooper has said about an evolution in the international environment, I think they should all be reviewed and probably tightened.
In particular, with the use of electronic communications today, you can transmit terabytes of information in an instant. You can transfer, I think, even physically out of the labs with a bit of effort, material that's produced there.
I would start by enforcing what we have. Have a real look at it and take into account the environment that both of you have talked about.