Lost drive? So what?
The drive was securely encrypted and data further encrypted/obfuscated to frustrate any attempts at unauthorised recovery.
They only have to worry if their procedures were so lax as to allow someone to attach a generic drive (unencrypted) and to copy the data over in the clear.
And only total amateurs would allow such a thing to happen, professionals dealing with vast amounts of sensitive information would be experts at handling such information securely.
Ad-hoc encryption (just write it into your procedures) is a piece of piss, has no real overhead and is better than nothing (just try TrueCrypt if you don't believe me).
System-wide encryption is harder but still doable and is certainly cheaper than having your ass sued off when (not "if", "when"!) you lose the data vessel.
There is no excuse for sensitive data of any kind leaving a facility in the clear other than gross incompetence/negligence.
Perhaps the USA would like some advice from the UK government on data securty?
Oh...wait a minute...
- YARR! Pirates walk the plank: DMCA magnets sink in Google results
- Pics Whisper tracks its users. So we tracked down its LA office. This is what happened next
- Review Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
- OnePlus One cut-price Android phone on sale to all... for 1 HOUR
- Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know