If the hard drive was lost how do they know that encryption wasn't turned on? You obviously can't rely on the users as it appears that they haven't got a clue.
Widening this out why wait till something is lost before a fine is issued. If someone breaks the speed limit they can be fined without ever having caused an accident. I'd suggest random checks of similar facilities and if they are found to be using processes that could trivially lead to the loss of data through the loss of a physical asset then they should be fined, without waiting for that loss.
And yes fines are pointless within the Government, the service owner (a person) should be the one to bear the cost with the chance that ultimately they could loose their job. At the very least they should be named so there is no chance I'd have to work with them.