A report by the US Government Accountability Office has found that key federal departments are failing to take data security seriously.

The 15-month investigation into 24 major federal agencies found that around 70 per cent of laptops and handhelds do not use encryption, leaving the data available to anyone.

Since 2007 new rules from the Office of Management and Budget (OMB) require all federal laptops to be encrypted, but these are largely being ignored.

The GAO Report to Congressional Requesters (PDF) warned that many departments had not even begun to identify what data should be encrypted.

"We are recommending that the OMB clarify a government-wide encryption policy to address agency efforts to plan for and implement encryption technologies," said the report.

"We are also making recommendations to selected agencies to properly install and configure FIPS-compliant encryption technologies, to develop policies and procedures to manage encryption, and to provide encryption training to personnel."

The report highlighted some unusually poor practice, including employees at Nasa refusing to put encryption software on their laptops, and members of the Department of Education who were not told that encryption software was installed.

The report makes 20 recommendations to improve the level of data security in government, including large scale education programmes and a generic data encryption policy that can be rolled out across agencies.