It is good to hear that lawyers are involved, as is your HR team, I would assume. While I understand that part of the theory of not wanting to take any action on this person in the hopes that you can legally capture the password that she used on the encrypted file, I would assume that if she poses any additional security risk of additional breaches, she would be terminated on the spot and her computer put on litigation hold (or whatever the CA equivalent may be). Depending on your security policies, devices such as personal drives or USB thumb drives should fall under that security policy and be seen as additional risk, and action should be taken.
At this point the breach has happened. Is it worth the risk to retain her as an employee (assuming that breach of company security policy is grounds for termination) and risk future breaches? Either way, it may be worth your company re-examining your security model and practices so that events like this cannot occur in the future.