• USB and portable devices can often be encrypted. The major HDD encryption vendors out there... Safeboot, Utimaco, PointSec, etc., all have products that do so automatically when inserted. However, they usually install a small loader app that if you know the password, you can decrypt. So this helps in the lost USB drive issue, but it doesn't do much in the malicious employee situation.

    This is a hard one because there are so many ways to circumvent the rules. You mentioned Bluetooth. One technology that often gets forgotten about is infrared. And it works. I've used infrared to transfer files back and forth between my laptop and mobile phone back when I still had a mobile phone. One of the things the military has done is go to diskless workstations in sensitive environments that don't have the USB ports, etc. I remember a friend of mine who worked on the B-2 project describing the setup. We see it nowadays advertised as thin client systems and the like. And it works... to a point.

    However, this is really only the tip of the iceberg. Blocking webmail sites is necessary. Ensuring access to sites like GotoMyPC.com isn't permitted is another necessity. And it still doesn't solve the issue of printing hard copies of data and then taking them off-site and using a good scanner with OCR to recover the data. Nor does it address unconventional uses of technology such as Kaminsky's use of DNS to store media files.

    This is why security folks are walking around with that perpetual "Someone ran over my dog" look. There are so many ways to beat the system now that security is always playing catch-up. It's also why security folks seem very unyielding when it comes to bending the rules for something. We've lost sleep at night considering some of the potential consequences.

    K. Brian Kelley
    @kbriankelley
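The post's point about DNS being used as a place to store or move data is one a defender can actually watch for. The script below is an added illustration, not code from the thread or from K. Brian Kelley: it reads a constructed, simplified DNS query log (one line per query: timestamp, client IP, query type, name), and for each client computes three cheap signals, the share of TXT queries, the average length of the longest subdomain label, and the average character entropy of the subdomain part. Clients that exceed all three thresholds are reported. The log format, the sample lines, the `example.*` zones and the thresholds are all assumptions chosen for the demonstration; real tuning depends on a site's own baseline.

```python
"""Flag DNS clients whose query pattern looks like bulk data stored or
moved through DNS names (hypothetical detection, added as an example).

Assumed log format (constructed for this demo, not a real resolver's):
    <unix_timestamp> <client_ip> <qtype> <qname>
"""
import math
from collections import defaultdict

# Constructed sample lines: one ordinary client, one client issuing
# many TXT queries for long hex-looking labels under a single zone.
SAMPLE_LOG = """\
1700000000 10.1.1.5 A www.example.com
1700000001 10.1.1.5 A mail.example.com
1700000002 10.1.1.5 AAAA cdn.example.net
1700000003 10.1.1.7 TXT 4a7f9e2b1c8d3e6f0a9b5c4d7e1f2a3b.chunks.example.org
1700000004 10.1.1.7 TXT 9c2e4f6a8b1d3c5e7f0a2b4d6e8f1a3c.chunks.example.org
1700000005 10.1.1.7 TXT 0f1e2d3c4b5a69788796a5b4c3d2e1f0.chunks.example.org
1700000006 10.1.1.7 TXT 5e6d7c8b9a0f1e2d3c4b5a6978879605.chunks.example.org
1700000007 10.1.1.7 A www.example.com
"""


def shannon_entropy(s):
    """Bits of entropy per character of string s (0.0 for empty input)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text):
    """Parse the assumed log format into (ts, client, qtype, qname) tuples.
    Malformed lines are skipped rather than aborting the whole run."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qtype, qname = parts
        rows.append((int(ts), client, qtype.upper(), qname.lower().rstrip(".")))
    return rows


def subdomain_part(qname, zone_labels=2):
    """Everything left of the registrable zone. zone_labels=2 is an
    assumption (example.org); a real deployment would use a suffix list."""
    labels = qname.split(".")
    return ".".join(labels[:-zone_labels]) if len(labels) > zone_labels else ""


def score_clients(rows):
    """Aggregate per-client signals over the parsed rows."""
    acc = defaultdict(lambda: {"n": 0, "txt": 0, "label_len": 0.0, "entropy": 0.0})
    for _ts, client, qtype, qname in rows:
        sub = subdomain_part(qname)
        labels = [l for l in sub.split(".") if l]
        s = acc[client]
        s["n"] += 1
        s["txt"] += qtype == "TXT"
        s["label_len"] += max((len(l) for l in labels), default=0)
        s["entropy"] += shannon_entropy(sub.replace(".", ""))
    stats = {}
    for client, s in acc.items():
        n = s["n"]
        stats[client] = {
            "queries": n,
            "txt_ratio": s["txt"] / n,
            "mean_longest_label": s["label_len"] / n,
            "mean_entropy": s["entropy"] / n,
        }
    return stats


def suspicious_clients(stats, min_queries=4, txt_ratio=0.5,
                       label_len=24.0, entropy=2.5):
    """Clients exceeding every threshold. Threshold values are assumptions
    for the demo; tune them against a real baseline before relying on them."""
    return sorted(
        c for c, s in stats.items()
        if s["queries"] >= min_queries
        and s["txt_ratio"] >= txt_ratio
        and s["mean_longest_label"] >= label_len
        and s["mean_entropy"] >= entropy
    )


if __name__ == "__main__":
    stats = score_clients(parse_log(SAMPLE_LOG))
    for client, s in sorted(stats.items()):
        print(client, {k: round(v, 2) for k, v in s.items()})
    print("flagged:", suspicious_clients(stats))
```

Requiring all three signals together keeps ordinary CDN and mail lookups (short, low-entropy names, few TXT records) from tripping the rule, while a client that keeps asking for long, random-looking labels under one zone stands out; the next step for an analyst is to look at the zone itself and at query volume over time, which this demo deliberately leaves out.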