So they basically have the same info/data on a server. Why does the laptop have to have a copy again?
Should it really be necessary to have a copy on the laptop, why not add another layer of security (aside from the usual-but-rarely followed ones)? Remove all unique info/data from the copy on the laptop and replace them w/ one identifiable data/key/ID that can be tied to specific info/data on the server? If all they need are names, just store the names plus an, ID for each name, on the laptop. For added security, the ID on the laptop is not the same as that stored on the main database but is different and is stored on a separate database that stores a combination of ID from both the laptop and the server. This way, even the ID on the laptop can not be used against the main database. Another benefit of this is that each laptop can isolated, and should it be compromised, the database containing the IDs from both laptop and main database can just be cleared (archived and removed from normal access). Ofcourse, it'll be more effective the less unique info stored on the laptop.
I'm no security expert but at least its better than having a complete record on a laptop.