I recently experienced the loss of a tablet. Fortunately, I had erased all data entries from inside. Nevertheless, if I had info inside and someone was able to unlock the tablet, they would have access to sensitive data that may have been collected and stored by Kobo. This is a great issue, not only for the data protection of persons, but also for legal reasons, following the General Data Protection Regulation (GDPR) in Europe.
So, my suggestion is to develop a remote control of portables that are attached to an account and have the ability to detach the portable and withdraw access to any data collected and stored in the portable.