NASA has since notified an additional 30,000 people whose personal information may have been on the stolen laptop, says Robert Jacobs, a NASA spokesman. He declined to provide the job title of the person who left the laptop in the car. But he said that there had been no indication of identity theft and that the agency has encrypted practically all of its 38,000 laptops.

By now, reports of lost or stolen business devices are so common that many people open data-breach notices from their banks, insurers, medical institutions, schools and state agencies with something like resignation. In fact, negligence by employees and contractors has been a more common cause of corporate data breaches in the United States than malicious attacks, according to a study of 2011 done by the Ponemon Institute, a research center on data security, and financed by Symantec, a data security company. Institutions, companies and government agencies often devote more resources to collecting information about employees and consumers than to protecting it, security specialists say.

“This is an unfortunate but perfectly cautionary tale of not only how we should look more carefully at protecting data after it is collected,” says Lee Tien, a senior staff lawyer at the Electronic Frontier Foundation, a digital rights group in San Francisco, “but also how the data is to be safeguarded before we collect it to make sure it isn’t used improperly or disclosed accidentally.”

Dr. Nelson and his colleagues at the Jet Propulsion Lab, which is operated for NASA by the California Institute of Technology in Pasadena, didn’t set out to become crusaders for workplace data privacy and security. Initially, they wanted only to challenge NASA’s background checks, arguing that civilian scientists had a right to keep their romantic, psychiatric and other intimate information private from the government. Besides, they contended, the space agency would not be able to safeguard the information.

The scientists took their case all the way to the Supreme Court, only to lose. In 2011, the justices unanimously ruled that NASA had legitimate reasons to look into personal issues, like whether an employee had received drug counseling. A federal law called the Privacy Act of 1974, which restricts how government agencies share a person’s data, the justices said, should protect the information obtained in background checks.