High-profile data losses are "an accident waiting to happen" because security measures are added as an afterthought, according to the assistant information commissioner.
Jonathan Bamford warned yesterday that too many companies are not ensuring they have the right technology in place to limit the data they hold and prevent it being leaked.
Bamford told the Financial Times that too many companies are bolting data security safeguards on as an afterthought instead of designing systems with them in mind. Embarrassing data losses, such as HMRC's loss of 25 million personal records on two discs sent through the post, are part of the price paid for this approach to security.
"It was obviously a bit of an accident waiting to happen," he said. "They are all things where people have messed up rather than acted in a malevolent way, which says a lot about what the safeguards were in the technology itself."
His comments came before the publication of a report by the Information Commissioner aimed at helping organisations improve public confidence in the ability of both the private and public sector to keep data safe.
Bamford said companies should be investing more in "privacy-enhancing technologies" which aim to minimise the risk of losing sensitive data.
Measures include stopping data being downloaded onto memory sticks, preventing the collection of unnecessary details and giving staff access to data on a need-to-know basis only.
The assistant commissioner said companies should have done better than they have, as data protection is not "some new fangled thing" but almost a quarter of a century old.