I've been in call centers that attempted to screen for storage devices via metal detectors and x-ray machines, but that's certainly not the norm for data centers. I know of customers of my former employer who would not provide system passwords and utilized disk encryption, but I have my doubts that their key management practices completely protected against someone with physical access. Ultimately if you're hosting somewhere that you don't control your primary defense is reputational risk and lawsuits.