At the less restrictive end of the spectrum is Children's Home Society of Florida (CHS), an adoption and family counseling agency in Winter Park.

"We deal with private medical information, and so it's been a long-standing problem," said CIO John Valleau. "Our employees have floppy disks, flash drives and iPods to which information can be transferred."

Although CHS has a "thou shalt not copy" policy regarding the downloading of sensitive information to portable memory devices, Valleau says he isn't about to ban them, because "some people might need to carry protected medical records from one location of ours to another." As a result, Valleau is looking at requiring employees to use only new, encrypted flash drives at the 1,000 computer workstations at the firm's 210 offices around Florida.

Hospitals, which must closely guard patient information under the Health Insurance Portability and Accountability Act, are particularly concerned about flash drives.

"While personal storage devices haven't been a big problem for us, we need to be able to prove that we are protecting patient information," says Mark McGill, a network engineer who administers security for 900 workstations and 1,200 users at Ellis Hospital in Schenectady, N.Y.