According to siliconrepublic.com - "The donor records include details of names, addresses, dates of birth, gender, blood group and contact phone numbers."
Yes, this information has probably already been wiped and the laptop sold and the OS re-installed.
But what if the laptop was targeted for a reason? This is a lot of information to lose, and it could be useful to someone. Maybe all 175.000 names, numbers and addresses end up on some mass mailing list and you start getting calls trying to sell you life assurance, exercise equipment, etc.
I think the BTSB have a little explaining to do. It makes for poor project management to send live data out to a 3rd party for testing and development. I'm sure they signed a non-disclosure agreement covering the data, but that's no good since they no longer are the only people with that data.
Maybe (although it was not on this laptop) they also sent data covering details of blood-related medical conditions. If you were on this list, would you like to get calls or contacts from companies trying to sell you specific medication because they 'came across' your records?
It is reported that the data was encrypted so there is nothing to worry about. What do we know of the protection provided in this specific case by the encryption? Was it something requiring a private key which was not stored on the laptop? Was it a password-protected zip file which is trivial to unlock? Was it some form of enterprise-based encryption which requires access to the company's infrastructure? There are many methods of encryption and they are very much not all equal. Just because we are told they were encrypted does not mean they are secure.
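For the password-protected zip case, the "which kind of encryption?" question can be answered from the archive's own headers. The Python check below is an added example, not part of the original post, and goes slightly beyond it by distinguishing the schemes a ZIP entry can declare; the sample archive, the file name `donors.csv` and the scheme labels are constructed for illustration.

```python
import io
import struct
import zipfile

AES_METHOD = 99          # WinZip AE-x marker in the compression-method field
AES_EXTRA_ID = 0x9901    # extra-field record carrying the AES key strength
AES_BITS = {1: 128, 2: 192, 3: 256}

def aes_key_bits(extra: bytes):
    """Walk the extra-field records and return the AES key size, if declared."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        body = extra[pos + 4 : pos + 4 + size]
        if header_id == AES_EXTRA_ID and len(body) >= 5:
            return AES_BITS.get(body[4])   # byte 4 of the record is the strength code
        pos += 4 + size
    return None

def classify(info: zipfile.ZipInfo) -> str:
    """Name the protection scheme a ZIP entry's headers declare."""
    if not info.flag_bits & 0x0001:        # bit 0: entry is encrypted
        return "none"
    if info.flag_bits & 0x0040:            # bit 6: PKWARE strong encryption
        return "pkware-strong"
    if info.compress_type == AES_METHOD:
        bits = aes_key_bits(info.extra)
        return f"winzip-aes-{bits}" if bits else "winzip-aes-unknown"
    return "zipcrypto-legacy"              # the original, weak ZIP password scheme

def audit(archive) -> dict:
    """Map each entry name to its declared scheme; reads the central directory only."""
    with zipfile.ZipFile(archive) as zf:
        return {i.filename: classify(i) for i in zf.infolist()}

def constructed_sample() -> io.BytesIO:
    """Constructed input: a plain archive patched so its entry is flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("donors.csv", "constructed sample row\n")
    raw = bytearray(buf.getvalue())
    cd = raw.find(b"PK\x01\x02")           # central directory file header
    raw[cd + 8] |= 0x01                    # low byte of the general-purpose flags
    return io.BytesIO(raw)

if __name__ == "__main__":
    for name, scheme in audit(constructed_sample()).items():
        print(f"{name}: {scheme}")
```

Under legacy ZipCrypto and WinZip AES the entry names remain readable without the password, and a declared AES scheme is still only as strong as the password behind it.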