I think it's inevitable that we'll soon see hefty lawsuit settlements against companies that have negligently exposed their employees' SSNs and other personal information. I also think that, eventually, the government is going to intervene and pass some legislation that will pile some hefty fines on companies that don't meet certain standards insofar as guarding that kind of information, a la HIPAA for the medical industry.
In the meantime, though, companies (and governmental agencies) need to get on the ball. I'm talking about stricter policies restricting what kind of data employees can carry around on laptops -- tied to serious consequences for those who don't comply. I'm talking about implementing technology like encryption, which may not be a simple cure-all but is a step in the right direction. And I am talking about scrutinizing those SLAs with your partner companies, like Unisys and Deloitte & Touche, and being certain they're taking measures to keep your company out of hot water -- and blog posts like this one.