Stopping data leakage starts with a classification of data, ie becoming aware of what data you have, assessing the risks of leaking/losing it, and implementing measures to protect it. In short, those mostly boil down to policing and monitoring of communication (network, e-mail), data access, and connectivity of mobile storage; encryption of mobile devices and network; identity and access management.
And stopping data leakage ends when management sees the projected costs. Until they get kicked in their teeth by the next employee who sells another DVD brimmed with highly confidential data to foreign tax authorities or a Chinese competitor.