One learning point from the recent HMRC data breach is the need to de-classify security guidance. As noted by the Guardian and The Register, some Government security manuals tend to be protected data themselves. This restricts their distribution. Most of Industry de-classified their security policies and standards and placed them on their Intranets more than a decade ago. Security by obscurity no longer works when ordinary members of staff have the capability of compromising large quantities of sensitive company or customer data.