The Department of Veterans Affairs said late this week that it recovered the now-infamous laptop that contained critical data on 26.5 million veterans and other military personnel. Some of the sordid details of the laptop\u2019s recovery have been revealed, but what remains floating in the incident\u2019s wake are a lot of questions. Like, who stole it, how was it recovered, why isn\u2019t anyone in police custody for stealing it, and was Chuck Norris in any way involved in the rescue mission? (One can only hope.)Now comes the \u201cgood news \/ bad news\u201d part of this saga.Good News: It\u2019s good that they found the laptop (especially considering that 82 percent of laptops that are lost or stolen are never recovered -- according to mobile security vendor Credant Technologies). It\u2019s good that the VA\u2019s claiming that the data appears untouched (says the FBI) and there have been no reports of ID theft among the 26.5 million Veterans whose Social Security numbers were on that laptop (that would be a really bad group of Americans to screw over -- \u201cThanks for serving our country and possibly getting yourself killed for the good of our nation.... And, oh, so sorry about your liquidated bank accounts, bogus credit-card charges and bad credit rating for the rest of your life. God Bless America, and have a great July 4th!). And, finally, it\u2019s good that the VA chief said they will use this incident to fix the \u201cdeficiencies\u201d in how they handle the veterans\u2019 personal data.Bad News: Now they\u2019re actually going to have to fix the deficiencies. Though this data loss had the potential to have been catastrophic, the VA certainly is not alone in its laptop-loss transgressions. Just last week, two laptops were stolen from a locked car belonging to an analyst who worked for the Federal Trade Commission. On the laptop was more than just the standard fare of your typical laptop theft and possible data breach, however. Included in the data were individuals' names, addresses, Social Security numbers, birth dates and, in some cases, financial account numbers, the FTC said. There have so many similar incidents in both the public and private sector during past two years, it\u2019s getting hard to keep track. Jim Nicholson, the Veterans Affairs Secretary, said that \u201cwe have to remain hopeful [that the veterans\u2019 personal information has] not been compromised.'' Wait. So now we\u2019re accepting \u201cwe hope nothing bad will go wrong\u201d as a legitimate info-security strategy and action plan? I hope not. It\u2019s also interesting to note that on Friday news broke that the VA was now revealing two other data breaches in the past, and that its CISO submitted his resignation. A legitimate and broader question, though, is what\u2019s it going to take to stop more of these incidents from happening? In past articles, I\u2019ve written about controlling the proliferation of mobile devices inside your company and creating enforceable security policies for corporate-owned devices. A policy, which has some bite to it, is a start.Here\u2019s the rub for IT and infosec folks, though. The potential for blunders such as these are only going to increase as workers demand more mobile computing options, and IT loads more data and corporate information onto those devices. A Forrester Research mobility report that came out in March said that right behind the number-one mobility challenge (security) was keeping pace with end-user demand. In turn, Forrester found that companies are adopting mobility devices faster than they had planned. And you know what that can mean? A shaky, chaotic mobile device management \u201cpolicy\u201d along the lines of, \u201cGive \u2018em what they (meaning, users) want right now, and we (meaning, IT folks) will take care of provisioning questions, security fine-tuning and policy enforcement later (meaning, never).\u201d And that\u2019s not a good plan.What do you think about all of this? And how are you managing mobility issues inside your company? Let me know.