True Security
Lessons, Learned the Hard Way
Sometimes we can choose to learn one of life's
lessons the easy way, or the hard way. Here are
a few real-life examples of security lessons
learned the hard way. In some cases, certain
facts have been changed to disguise the identity
of these unfortunate individuals.
Hopefully, you can learn from their mistakes.
"Open House" Results in Theft of Laptop.
A business owner decided to sell his personal residence
during a particularly "hot" real estate market.
The good news: a weekend open house generated
intense interest in the property. The bad
news: at one point, while several different
groups of prospective buyers were wandering
through the house, some of them carrying their
own briefcases, the homeowner's laptop was
stolen.
While there were still hard copies of most critical
documents, the business owner had never made a
backup of any of the data stored on the laptop, none of the data on
the laptop hard drive had been encrypted, and
the laptop had not been secured to the desk by a
$40 anti-theft cable or motion detector.
If there were unencrypted personal data of California
residents in customer files stored on the stolen
laptop, then the notification requirement of
California S.B.1386 could have been
triggered. The direct cost of notification
plus the indirect costs from the loss of
customer confidence in this business could
severely impact the revenue of this person's
business.
If you would like to contribute your own "hard
lessons" for the benefit of other visitors to
this site, please send me an email
and we can discuss how to include it without
further impacting the security and
confidentiality of the person in the story.