The loss by HMRC of two CDs crammed with sensitive data is now being hailed as the UK’s biggest ever data breach.

Clearly, downloading a database containing confidential and financial details onto a CD and posting it was a disaster waiting to happen. As members of the public we are acutely aware of the risks associated with financial details ending up in the wrong hands and, as a result we take the necessary measures to ensure that we minimise such risks, such as keeping PINs separate from the credit cards in our wallet.

So what has led the government to treat such sensitive data so carelessly, particularly as it has a direct responsibility to protect it?

Password protection is simply not enough to ensure the safety of sensitive data, and immediate action must be taken for the government to restore public trust and confidence.

Arguably some investment should be made in using more secure methods of data storage and transfer.

Processes should also be put in place to stop events such as this from happening in the future – perhaps a move to architect the system is needed so that a download is impossible unless it is authorised? If there is a real need to download confidential information to a CD, it is essential that this information is encrypted to ensure that data cannot be tampered with.

Lianne Denness