The wind that blew through Idaho last week was a collective exhale by 3,400 National Guard members after authorities in Boise recovered a stolen computer thumb drive that contained their names, Social Security numbers and dates of birth.

Guard officials do not believe the sensitive personnel information was compromised during the few days it was missing. That’s a huge relief to the Guard members who had to fret over what would happen if identity thieves got their hands on information and began setting up and exploiting new lines of credit.

But whether the episode truly had a happy ending will depend on what the National Guard and other agencies – repeat, and other agencies – do now.

The thumb drive was taken from a private car during a rash of auto break-ins in an area of Boise where similar thefts had occurred recently. The vehicle belonged to a soldier who was on official business in Idaho’s Treasure Valley. She had locked the vehicle but left the window down far enough that the thieves could gain entry without force.

Even as Guard members all over the state were being notified to take precautions against identity theft, Guard officials were saying repeatedly that the soldier who left the equipment in her car had violated no policies.

The Guard, which is lucky that the data was recovered before it could be put to illegal but profitable use, promptly announced it will revise those policies.

Better late than never, but it’s fair to ask why a policy wasn’t already in place to ensure that sensitive information is handled securely. By not leaving it in an unattended vehicle, for starters.

It is no secret that large banks of personal data can be a gold mine for lawbreakers who profit off fraudulent credit cards while destroying crime victims’ reputations and credit standings. This isn’t the first or worst such incident to trigger a massive scare.

Ask the U.S. Department of Veterans Affairs, which had a nightmare year in 2006 when: Computer equipment containing data on 26.5 million veterans was stolen in Maryland. And a VA hospital in Alabama lost a hard drive with sensitive information on about 1.5 million people. And a subcontractor lost a computer with information on 16,000 living individuals from VA medical centers in Pennsylvania.

Those and similar episodes in recent years were siren calls to all large agencies, public and private – including the Idaho National Guard – to beef up their policies for safeguarding personnel information.

The Idaho National Guard and its 3,400 members were lucky this time, but it would have been smarter to anticipate the problem than to be reacting to it. Prudent organizations will benefit from the Guard’s near misfortune by examining their own procedures and training their employees.

But how many will ignore the warning until disaster strikes them directly, and then announce that the employee who lost thousands of individual records had violated no policies?