I am amused to see that they are now offering a reward for those missing child benefit records.
Now is it me, or is that totally missing the point? If those discs turn up now, even if they are found stuffed down the back of a filing cabinet in the same building they came from, then surely the data must be considered compromised. Whether they are found or not, nobody can be sure where they have been in the interim or if they have been copied. Offering a reward for them at this stage - doesn't that demonstrate that the people in charge don't understand the basic concepts?
It's like the 'junior official' defence earlier. Sooner or later, everyone is sloppy or makes a mistake. These things happen, and occasionally, you get bitten on the bum. That's being human.
But blaming the entire fiasco on a 'junior official' - surely that makes the whole thing *worse*, not better? If the bad decision was made by an important busy someone with a high level of access, then you can at least understand how it got made. Tut tut. But if the decision to copy the data, fail to encrypt it, and send it in that way was made by someone junior, that makes the whole organisation and their systems look totally ramshackle.
If the decision was made by someone not very important who didn't really understand what they were doing, *why on earth did they have access*? Why were the systems set up so they could write all that stuff unencrypted to CD? That's not an excuse or a shifting the blame! That's making the whole business look 10x worse!
Oh yes, and that statement, referring to changes in 2006 - "We introduced at that stage more stringent rules. We set out to learn lessons in relation to security,". In 2006? What were you doing before that? That's last year, how long did you have computerised records before you realised that sending them about the place unencrypted with no tracking might be a bad move?
Still, with a bit of luck this blunder will have killed off that totally nuts identity card idea. I really hope so.