This is just another example of the way the UK government and Civil Service, as institutions, do not understand IT. Down at the bitface, there may well be some very competent IT people - but their voices do not reach up to the levels that have control. The people who actually make the decisions, both politicians and civil servants, have no gut fel for IT. The assume that if you had over enough money to a plausible contractor, you will get something that works. The contractors, of course, are building something that meets the spec. The idea that "something that works" and "something that meets the spec" are not the same thing completely escapes them. On a large scale, the NHS IT fiasco.
In this case, they bought drives specified as encrypted, and assumed the job done. Anybody who thought through the problem would have realised that there is a second, administrative phase: who sets they keys, who holds them, what happens if they are ill or leave, should we change the keys if people who know them leave... A side effect of this thinking would have been to decide when to turn on encryption, who to do it etc. But because they had bought a box with "encrypted" on the side, they assumed that the technology fairies would do the rest.