We just went through this at our bank. Our encryption policy was modified to the following, in a nutshell:
No removable media allowed for the transfer of confidential information. Approved methods are via secure Email or secure ftp.
We enforce this by not having any floppy drives or recordable CD/DVD drives outside of the IS department. USB ports are monitored by software and usage is logged. The only exception to this rule is information that can be physically handed over to a trusted entity such as regulators, auditors, etc. It cannot be sent via postal service or other courier.
_________________________
The cannons don't thunder there's nothin' to plunder.