The leading company operating Registered Traveler programs at airports temporarily lost track of a laptop computer used to verify the identity of potential customers who sign up online and then come to the airport to have their fingerprints and irises recorded, to be encoded on the biometric ID card they will carry once approved. It turns out that the laptop was in a filing cabinet in the room from which it had been reported missing–and thus far appears not to have been tampered with. So–no big deal. And the company, Verified Identity Pass, is now installing full encryption on laptops used for this purpose.
This episode actually illustrates one of the benefits of having companies, rather than the government, performing such services: accountability. Had Verified actually breached security in a serious way, the Transportation Security Administration could have imposed penalties. And for an egregious failure, could have taken away its certification to provide such services. But if TSA's airport screeners screw up (as they have numerous times, missing guns and other dangerous items at checkpoints), there are no such consequences. That's because TSA is its own regulator, and government agencies typically protect their own.
This conflict of interest is built into the Aviation & Transportation Security Act of 2001, which created TSA and made it both the regulator of airport security and the provider of two of the component services–passenger screening and baggage screening. I was among a number of researchers who argued, at the time, that there would be stronger accountability if TSA were given only the regulatory role, with strong performance and accountability requirements for screening companies (which were non-existent prior to 9/11). But in the post-9/11 hysteria, it was seen by most Congress members as essential for the government to "take over" airport security. Fortunately, that mistake was not repeated when Registered Traveler was authorized in 2005.