A Veteran's Affairs Analyst had a disk of greater than 26 million PPI (Personal Private Information) records for veterans stollen from their own home. This kind of problem demonstrates the lack of attention paid to basic Administrative, Technical, and Physical (ATP) controls that technology strategists use to guarantee the confidentiality, integrity, and availability of the information system. Indeed, it really reflects a lack of Administrative control placed over the movement of data.
Yet, almost certainly, there will be no prosecution of a negligence case either against the government agency or the individual who took the unauthorized information home with them.
Simply extraordinary. A pat on the wrist and "an abundance of caution" warning to veterans, and a slap on the wrist. Amazing this isn't being prosecuted under HIPAA given the data came from medical records.