In order to protect the data from unauthorized access on the portable devices hardware, encryption and strong passwords should secure the data. Wick Hill chairman, Ian Kilpatrick, said “It really is very easy and economical for companies to protect data on their laptops using encryption software from vendors such as Utimaco. This can cost as little as £75 per device protected and will make it impossible for anyone stealing a laptop to decipher what is on it."
One of the secure methods I remember is using port access translation (PAT). This method uses purchased range of private IP addresses or subnet mask that have been authenticated within a network segment called the demilitarized zone (DMZ) which is the intermediate area between the trusted and untrusted network. These trusted network address have access to the proxy server, anything beyond the range of assigned IP addresses is filtered through the DMZ and denied access to the proxy server. This method of network security has many firewall options for limiting access through the network. I think many organizations do not use these methods because they underestimate the abilities of the hacker or they feel cost to use virtual private networks (VPN) exceeds the value of the risk. Most often times a strong password can lock out the unskilled hacker.
I personally feel that this should not be a legal requirement. Users have the choice to give out personal data and companies and users need to protect themselves should they choose release the required data. If an organization builds a reputation of having a secure system they will be able to generate more business.
References
Kilpatrick, I. (2007). The Frightning Cost of Unsecured Laptops. International Journal of Micrographics & Optical Technology, Vol. 25 Issue 1/2, p2-2, 1/3p.
Whitman, M. E. (2010). Protection Mechanisms. In H. Mattord, Management of Information Security, Third Edition. Cengage Learning.