Lost drive? So what?
The drive was securely encrypted and data further encrypted/obfuscated to frustrate any attempts at unauthorised recovery.
They only have to worry if their procedures were so lax as to allow someone to attach a generic drive (unencrypted) and to copy the data over in the clear.
And only total amateurs would allow such a thing to happen, professionals dealing with vast amounts of sensitive information would be experts at handling such information securely.
Err....yeah....
Right....
Ad-hoc encryption (just write it into your procedures) is a piece of piss, has no real overhead and is better than nothing (just try TrueCrypt if you don't believe me).
System-wide encryption is harder but still doable and is certainly cheaper than having your ass sued off when (not "if", "when"!) you lose the data vessel.
There is no excuse for sensitive data of any kind leaving a facility in the clear other than gross incompetence/negligence.
Perhaps the USA would like some advice from the UK government on data securty?
Oh...wait a minute...