reading Object-Level Security Through Accountability by Phil Windley. its pretty good, it gives a good argument that accountability is more effective than control. but to assure accountability requires positive identification and authentication to provide trustworthy audit trails.
while some people get scared off at the idea of identity cards with strong encryption, etc. i think it will be necessary in any environment with a reasonable sense of security. give people tokens that will identify themselves to systems and you can keep track of what information passes through what people. that way if something gets lost/stolen/leaked, you positively know who did it. more importantly, the potentially "bad" employee who knows this mechanism is in place is far less likely to steal/leak if they know they can be tracked down.
for some reason that brings me to an episode of "24" i saw (i think in terms of "24" these days): some devious character tries to cover up their tracks and remove their trace from a video log (think of it as an audit log). this fools everybody except for the boss guy (the main character, Jack) who pulls up "hidden" copies of the logs. what the devious character didn't know is that the video is copied to the database in two locations, one known by people at her clearance, the other only known by people at a higher security clearance. a pretty cool trick.