Our customer sometimes deliberately (and sometimes accidentally) stored customer and employee PII on laptop and desktop computers. However, that data was not encrypted, which would allow a thief to retrieve it with very little effort.
When one of your computers is lost or stolen, your customers and your brand, or public reputation, are at risk. Laptops are routinely left behind during travel and desktop computers are in often poorly protected locations. Moreover, disposal of hardware allows company data to slip out the back door. In addition, under current laws, you are obligated to notify affected customers whenever a data security beach might reasonably result in harm to them. A single notification event could result in nationwide negative publicity and direct costs in the hundreds of thousands (if not millions) of dollars.
Deploy whole disk encryption for all laptops and desktops at all offices, starting with the remote offices.
Once concluded, the project brought them into closer alignment with their own corporate information security policies and due diligence expectations. It also allowed for certain exemptions under state breach notification laws.