alea, there have been consequences to some corporations that don't deploy effective - and available - encryption technologies and thereby put confidential third party data at risk. BP will pay dearly for the need to manage lost personal data belonging to 13,000 claimants from last year's Gulf oil leak. They are not only bound to monitor the credit status of these individuals and businesses for an indefinite period of time but they will inevitably face law suits, all of this on top of the costs they already face from the drilling disaster. AND, all of this from the loss of one measly laptop that had no encryption application and was only protected by the customary username and password.
This incidence faced by BP alone should draw the attention of corporations everywhere. The cost benefit analysis is fairly straightforward.