Re: Lax US Security Rules????
Yes and no. As always how it gets implemented in a particular office often has more to do with the people implementing it.
Technically I haven't worked in such an environment myself (although God knows why given some of the data a company I use to work for analyzed*), but for two years I had a boss who had. There's an IT end to it that in theory is every bit as important as the physical end of it. She had the processed nailed down hard, and tried to adopt as much of it as she could to our environment on the basis that most of it is actually bog standard horse sense.
*Yeah, it was insurance and hospital data. But because we were working under the auspices of Congress instead of actually being the medical facility we were somehow "exempted" from HIPAA. No, I didn't really believe if anything bad happened that would hold up. But I wasn't high enough in the food chain to say otherwise. Fortunately I also never handled the data, only occasional desktop support on some of the systems, and always under the watchful eye of someone who was authorized to be in the room.