To me, this is security 101 stuff. Here's how to deal with it: (1) Encrypt all sensitive data wherever it is stored; (2) Allow access to this data only by authorized users using strong, two-factor authentication; (3) Make sure the data only appears in the clear to authorized users, and never while being transmitted. VPNs are wonderful and not all that complex.
My second remedy would be put into action in the event my personal information is ever compromised due to utter stupidity or incompetence: I'm going to sue the bastards, and I'm going to invite all of you to join the class. The penalties for this kind of rubbish apparently just aren't strong enough. Since the costs to implement adequate security for any mobile data aren't all that great, there are simply no excuses. And it's time to insist that those who don't know how to build secure solutions find another job.
— Craig Mathias is Principal Analyst at the Farpoint Group , an advisory firm specializing in wireless communications and mobile computing. Special to Unstrung