According to a recent NY Times article over 100.000,000 personal information records have been stolen or compromised - in released data. This, of course, doesn't even touch the real total, since most identity theft at the personal level goes uncounted, and many corporate identity theft victims either never know, or never report the breach.
UCLA, Aetna, and Boeing all released announcements lately that they have been victims of data theft - in some cases physical theft of laptops or tapes, in others victims of hacking.
This of course calls into question your own practices. If someone stole your laptop - what kind of data would they find, and how easy would it be to get that information. Do you store passwords to your corporate VPN on that box? If so, once the thief has the laptop - they own your data too.
Do you collect personal information on your corporate website? Is it protected from SQL Injection and other attacks? If so - do you purge it once you're done.