Energy Department needs additional security
Via Federal Computer Week, the US DOE inspector general recently performed an IT security audit and found that "the department hadn't ensured that sensitive data stored on mobile devices, sent in e-mail messages, or sent to off-site backup storage is sufficiently protected by encryption, as appropriate."
The DOE partially agreed with the findings but added:
...taking adequate steps to ensure that there is no sensitive information on laptops or mobile devices should be sufficient without requiring encryption of all data on all devices.
This seems to rely a great deal on user behavior and will be vulnerable to malicious actions or just poor judgment by employees.