I recently discussed protecting customer data.

Here’s an example of a company not doing that well:

"In the first week of December, a laptop was stolen from an
employee’s car," Boeing spokeswoman Kelly Danaghy said. "That laptop
had files that contained Social Security numbers for about 382,000 past
and present employees, and in most cases it also included a home
address, phone number and date of birth."

This isn’t the first time the theft of a laptop has compromised security for Boeing employees.

In April, the personal information of about 3,600 employees was
compromised when a laptop was taken from a Boeing human resources
employee at an airport. In November 2005, a similar theft put the
personal data of about 161,000 employees in jeopardy. Source: seattlepi.com

But other companies are learning:

Visa has created a new $20 million incentive program under which it will
monetarily reward "acquiring" financial institutions if their members
are fully compliant with Payment Card Industry (PCI) data security standard requirements by Aug. 31, 2007. At the same
time, acquiring banks that fail to ensure compliance by Sept. 30, 2007,
will be assessed fines starting at $5,000 a month for each noncompliant
merchant. The fines increase to $25,000 per month for each noncompliant
merchant after Dec. 31, 2007.

As part of the compliance validation process, merchants will need to
show that they have purged all magnetic stripe data, Card Verification
Value data and PIN data from their point-of-sale (POS) and other systems. Source: Computerworld