Teens arrested in that theft of VA PC with 26.5M vet records on it. Questions remain

OK, so arrests have been made but some questions remain unanswered if you ask me.  According to a CNN version of an Associated Press story:

Two teenagers were arrested Saturday in the theft of a laptop and hard drive containing sensitive data on up to 26.5 million veterans and military personnel, authorities said..... The government-owned equipment was stolen May 3 during a burglary at the Maryland home of a Veterans Affairs employee. The laptop and hard drive were turned into the FBI on June 28 by an unidentified person in response to a $50,000 reward offer.....Authorities said the suspects did not specifically target the VA employee's home in Aspen Hill, Maryland, and did not realize the hard drive contained veterans' information until the case was publicized.

"While this arrest is good news, we were lucky that the data belonging to veterans was not accessed and misused," Steve Buyer, chairman of the House Veterans Affairs Committee, said in a statement...."The vulnerability is real and with the help of Congress, VA must move forward with information security reform," said Buyer, R-Indiana....Congress is investigating the steps leading up to and after the theft.

To me, it's a bit of a placebo that Congress is looking into things.  Given how lawmakers have traditionally handled IT matters (Net Neutrality, SPAM, laws regarding disclosure when there's a data compromise, etc.), I don' t have very high expectations of any Congressional outcome.  If anything, the result may very well be a law that's either watered down or simply unrealistic to put into place.  But, at the very least, a great question is raised -- one that every CIO and IT manager should be asking of their staffs.  What was it about whatever applications were being applied to the data that required or allowed so much sensitive data to be stored on a personal computer?