Our TechNet Events team in the US have been talking about using BitLocker to encrypt and protect your data for the past year. During our sessions I always try to give examples of real-life scenarios of data loss or theft of laptops and drives and have talked about some of the most recent examples here in the US.
Here's yet another example, from England, where there was a theft of unencrypted USB drives that contained sensitive data. Why weren't they encrypted? In this case the logic was the drives were in a "...double-secured area" and therefore didn't need encryption. So much for that logic. The article also talks about some other data loss occurrences, including the "...loss of a memory stick containing the names and expected release dates for 84,000 prisoners" as well as "..a disk containing the names and addresses of almost 11,500 teachers". Some of the data was lost in the mail. I have two questions here, first why would anyone mail sensitive data that isn't encrypted in some fashion, and second, why would you even mail it, wouldn't it be easier, safer and more secure to transfer it on the network ?
Bottom-line to all of this is you need to protect your data!!! If you haven't put any thought into this thus far, now is the time to get something in place. If you have sensitive data in your environment, and most of us have, then you need to have processes and policies in place as well as technologies like BitLocker as part of your solution.