Child Benefit Records on 25 million Britons Lost in the Post

At work, the current grumbling around the water cooler has to do with new data security policies that are creating quite a bit of hassle for us Outlook addicts in the office.

However, my coworker’s grumbling of too-short retention periods on email, and my grumbling about no longer being allowed to sync calenders via my PDA as a result of changes meant to enforce some measure of data security seem somewhat petty when you consider what can happen when care isn’t taken.

For example, consider this story from the Times:

The sensitive personal details of 25 million Britons could have fallen into the hands of identity fraudsters after a government agency lost the entire child benefit database in the post.[...]

The confidential material is on two CDs that were placed in the post by a junior employee at the HM Revenue & Customs office in Tyne & Wear more than a month ago and have not been seen since.[...]

Mr Darling told the Commons that the information should never have left the HMRC offices and its transfer in unregistered mail was against all procedures.He said the missing data was not enough in itelf for someone to access an account for fraudulent purposes because passwords and pin numbers were required. But he apologised to the country for what he described as an “extremely serious failure on the part of HMRC to protect sensitive personal data entrusted to it.”

In this day and age, simple mistakes can have potentially huge consequences.

However, in spite of that, I wonder if fix to the problem isn’t instituting draconian policies that actually make common everyday tasks burdensome (e.g., I’m trying to figure out the best way to keep my wife’s ever-changing doctor appointment schedule from colliding with my ever-changing work schedule in our new, locked-down environment), but rather pursuing some balance of unobtrusive solutions (encrypted hard drives, folks!), training, and periodic audits.