Computer Weekly bloggers have questioned whether government actions to eradicate data losses is making any progress, following today's loss of 120,000 criminal records.
CW Blogger David Lacey is a security consultant and former chief information security officer at Royal Mail. He said the breach illustrated the challenge of eradicating bad security practices across Whitehall. "Massive publicity and waves of security reviews have clearly not made sufficient impact on day-to-day operations. We need to take a whole new approach to security culture," David Lacey wrote.
It is also worrying the contractor that lost the data was PA, said CW Blogger Toby Stephens. "PA Consulting did the lion's share of planning for the National Identity Scheme. Its staff has been immersed in HM Government Information Assurance procedures for some years now, so the very existence of an unencrypted memory stick with that data on it is inexcusable," wrote Toby Stephens.
In his risk management blog, Stuart King pointed out that PA should use encrypted memory sticks. "Encrypted USB sticks are a little more expensive than standard devices but readily available," said Stuart King.