I saw this today and sighed. Another embarrassing example of data loss from a government department; in the UK this time. Encryption of the data was provided at source, yet it is strange that encryption was not enforced throughout the complete data processing chain.
Management of sensitive data continues to be imperative. This sensitive data loss highlights the inappropriate attitude with regard to security and clearly shows that data security remains out of control. There is a distinct requirement for all government employees to protect the storage of data, including limiting the need for physical transportation, through the implementation of strict guidelines. Sensitive data should be held only where it can be kept most secure, and not downloaded to numerous portable devices or hard copy unless there is a well-justified need to do so – a need that is set out in, and enforced by, corporate guidelines.
If the government sector doesn't sort its house out, I fear we are going to see more high-profile breaches. Leaving us all with the uncomfortable question: if we can't trust the government with our information, who can we?