OK. For the record, I worked at a government agency, at a GSE (both as a contractor, my company and the client both provided laptops only), and at a Fortune 100 company in the timeframe I quoted.
The sensitive information leakage thing is protected via full disk encryption in all those cases.
At least once a year I have to explain to the auditors that no, we do not clamp our desktop boxes down. Every system is set up with full-disk encryption.
Auditor: "What happens if someone steals one of those boxes?"
Me: "We lose perhaps 1k worth of kit. An annoyance. Someone has to spend time reinstalling their setup. But the data on the disk is illegible garbage. Useless."
Auditor: "Have you documented that as an accepted risk?"
Still, some organizations are concerned enough with their data that they'll not risk having it outside the building regardless of how well encrypted it is when the machine is turned off.
The sensitive information leakage thing is protected via full disk encryption in all those cases.