The have created their own problems
As far as I am aware, the EU data breach legislation requires you to notify even if the lost media or computer was encrypted. This is unlike other legislation which only requires notification if it was not encrypted.
Could be a bit of empire building here and the usual government bloating of staff and tax grabbing. The legislation has some review time to go, lets hope that some sense is introduced.