Instead of each user enabling it themselves, allow for org level controls that individuals with access to org have to comply with so that org data can be prevented from breaches.
