No customer information is stored on Box.net employees' personal computers.
This could be ambiguous. (Is the employer-issued computer the "employee's personal computer" or only computers actually owned by the employee?) I'll look at the following using the stricter interpretation of the former.
Now how hard would that be for other companies and public entities to implement? There are companies that have very personal information on thousand or millions of customers, but let employees have that data on their employees' computers. There have been notebook computers, CDs, and even desktops that have been recently lost, stolen, or otherwise unaccounted for.