Re: Historically sound practices
Well obviously you'd get written up by either the auditors or the inspectors from your certification authority that you were exposing sensitive information on your network, simply because they wouldn't have anything in their inspection manual that describes what a "honeypot" is, nor allow any kind of "but it is FALSE sensitive information" mitigation. The whole concept is too creative for that type.
Or, possibly, a slightly more technical but equally stupid auditor would attempt to connect to the machine and copy the "patents and patients" folder, and end up swallowing the poison pill himself… it's probably better not to serve out poison, but simply document as much information on an attacker as possible and then let slip the legal beagles of war.