The continuing instances of private data loss and compromises from government and military departments are indicative of organisations that treat security as an expense to be avoided rather than as a cost of everyday business. That is why data is moving around without encryption, why investment hasn’t been made in secure transportation, and why hapless individuals don’t have the slightest inkling that leaving laptop computers unattended in cars isn’t a very good idea in a country where loose articles in cars are generally treated under the law of “finders keepers…”
In my own organisation, if we suffered a similar loss, I would be called to account and then the board would be called to account. The reason is that it’s all about governance. If you don’t manage security properly and if your company isn’t prepared to invest resources in the right places, then don’t blame Johnny in marketing when he puts a CD carrying the company database in Excel format in a jiffy bag and sticks it in second class post, unless you’ve trained, communicated, and provisioned to get the job done properly.
I think we’re all pretty shocked by the sheer scale of incompetence that seems to abound with regard to managing private data by the government. Let’s be clear: it is the government’s responsibility, and another enquiry, or think-tank, or report, or knee-jerk reaction isn’t going to work. What’s needed is governance, process, investment, training, resources, leadership and management. Not necessarily in that order.