So HM Revenue & Customs (HMRC) has lost CDs containing the records of 25 million people, exposing UK residents to identity theft.

It is inexplicable how this has happened. Why were there not stringent security measures in place as a precaution?

Organisations such as HMRC should be leading by example, and taking precautions to ensure personal data does not get lost or fall into the wrong hands.

As well as the security concerns, businesses must make sure they have efficient data protection policies in place, with sensitive data protected for compliance legislation and referencing.

Insider threats, be they malicious or human error, account for up to 80 per cent of security breaches, and given the propensity for sensitive information to become lost or go missing, it astounds me that so many organisations fail to encrypt data and instead simply shut their eyes, cross their fingers and hope for the best.

Will it take the threat of legislation that names and shames organisations that fail to protect the data of their customers and employees, before they take responsibility for the information they should be safeguarding as a matter of course?

John Rollason