Such a policy is both wise for the company and instructive for the employee. There's no way to guarantee that the policy will help employees hang on to their laptops while traveling, but it can ease the pain by reducing the financial and legal impact of data loss, as well as impart awareness of this serious issue to employees. A large company can afford to spend millions for identity-theft protection programs for clients whose data has been lost, and can withstand the damage to its reputation that a privacy breach causes. But smaller firms can be driven out of business by such an incident -- and an employee who hasn't adhered to an established company policy is likely to be out of a job. Some of the points formalized in the mobile device policy might just seem like common sense, especially the ones related to physical security. It's hard to believe anyone needs to be told not to leave a portable data device in an unlocked car. But that's exactly what an Ohio state government intern did in June, leading to the theft of a system backup containing personal data on more than 200,000 people. And if you think it's not possible to absentmindedly wander off and leave behind a BlackBerry or laptop, consider those London cab statistics. Without a formal, established policy on physical security, an employer may find him or herself with no legal cause to fire an employee whose actions have had a disastrous impact on the firm. A perfect example lies in one of the biggest and most public data compromises ever, the laptop stolen from an employee of the U.S. Department of Veterans Affairs in 2006.