In my reviews of organisations I often find that a lack of physical security is the most likely compliance risk. For example files left on desks, filing cabinet keys left on top of the cabinet and even passwords left on post-its stuck on PC’s represent privacy and AML risks.

A recent US survey (reported in Computerworld) revealed that computer laptops are most often stolen at airports, along with hotels and parked cars.

"Some of the largest and medium-size U.S. airports report close to 637,000 laptops lost each year, according to a Ponemon Institute survey. Laptops are most commonly lost at security checkpoints, according to the survey.

Close to 10,278 laptops are reported lost every week at 36 of the largest U.S. airports, and 65% of those laptops are not reclaimed, the survey said. Around 2,000 laptops are recorded lost at the medium-size airports, and 69% are not reclaimed. The institute conducted field surveys at 106 airports in 46 states and surveyed 864 business travelers….

The U.S. Federal Trade Commission recommends people treat laptops "like cash." Like a wad of money, a laptop in public view, such as in the back seat of a car or at the airport, could attract unwanted attention. The FTC also recommends using tracking devices such as Absolute Software Corp.’s LoJack, which can help track down a stolen laptop by reporting its location once it is connected to the Internet."