1. Central gov employs hundreds of thousands of people, and deals with sensitive information all day every day. The likelyhood of a complete muppet doing this is pretty high. That does not mean that everyone in Gov is an idiot.
2. From my experience, private sector organisations are just as bad. Came across an example recently that made my mind boggle, but you'll never read about it in the paper as the company will never tell anyone and it wasn't personal data or anything covered by the data protection act so it is not obligated to tell. Stupid things government does ALWAYS ends up in the paper
3. Don't have enough information from the story, but posting a disk encrypted with very strong encryption may be appropriate given the outcome of the risk assessment. The headline might be fun, but actually it could be a non-story (but that doesn't sell papers or get unique vistors). Use the right encryption software and the disks will be nothing but coasters to anyone who doesn't have the NSA's encryption munching capabilities (maybe not even them depending on what they used to encrypt it).