Some years back I worked for a DoD agency where the managed data was classified For Official Use Only because it contained employee personal and financial information. The requirement was that all government work be performed using equipment provided, configured, and maintained by the government and that any official email be done using the agency's Exchange. Similar emergency provisions to those the article describes applied to the email part and I doubt anyone ever was beaten up for a misstep on the that. However I made sure to copy or forward to myself, my manager (and usually his manager) any work related email from or to my private account, and required my employees to do the same.
It is disappointing that the State Department, which handles data of considerably higher classification and where email is far more likely to contain sensitive material, appeared. to be clueless about security, both in IT and in upper management. There likely is more to be concerned about than the technical violations of a law that seem to be the focus of most of the articles in the nontechnical press.