Mount USB as read only. Not hard.
Read/copy drive at will
Return to Council.
They should still be nailed for having that data unencrypted on a removable device. The fact it has been recovered is borderline irrelevant.
Where was the data being moved to? An employee's personal computer? If so there is probably a copy at home on (generalising now) a spyware infested, torrent riddled, festering pit of a PC.
If they have a work laptop then why would they need to put the data on a drive anyway? Nope, Leicester's decent into the land of Fail continues unabated!
I don't think the Council will have placated the ICO by finding it.