I think, at this point, any company that allows employee data to be loaded onto a laptop should be held liable for damages if that information is compromised due to the the theft of the laptop. As some of the above companies did have such a policy, and their employees or auditors violated it, clearly the company must also have an enforcement strategy, not merely a “fig-leaf” policy.

Update 6/7/06: Thieves strike again. H/T to SDB.