Though will they be given the authority to undertake their new responsibility?

The civil service still has a lot of people in charge of their computer stuff, charged with ensuring it runs yet, when it comes to telling a more senior person that they must do something (because, for example, the disk is filling up and if it fills, the system will fall down), they are told they cannot tell what a senior-level employee can do because their only an assistant-level employee.

I see from related news stories that Ruth Kelly seems to think that when government departments send private data to private contractors overseas who lose it, that "the primary responsibility lies with" the contractor...

Unless and until government ministers actually bother to read and understand the responsibilities imposed on their departments by the Data Protection Act, and actually seek to live up to those responsibilities rather than evading them, things are not going to get better.

Perhaps Ministers who fail to impose a proper Data Protection regime on their departments should also face the big house?

Just out of curiousity, why are there ANY governments handling our personal data without BS7799/ISO27001 certification both for themselves and every contractor they use?

The person responsible for the decision? Or the poor sap ordered to commit the deed? Since the security regulations are apparently kept out away from the junior staff (so they can't know if they're breaching regulations), I'm sure this will have exactly zero effect, and land some innocent people in serious trouble.

Had this with a system I run a few weeks ago, disk had under 1Gb free.

Said I need to move stuff off this ancient server ASAP to something else, either you let me do it within the next 2 days or the server - plus the two apps that run on it - goes down.

They authorised the downtime during core hours.

Gordon Brown is going to prison becouse he'd been told about the lack of security and thought it a non issue just like everyone else down the food chain?

No?

Thought not. Mr S. Capegoat will be receiving accomidation at Her Majesties pleasure though I'm sure.

"the government pointed the finger at a junior official they said had ignored procedures to download the data onto a disk"

...ignoring the biggest problem - that it was POSSIBLE for a junior official to download data worth millions of pounds onto a disk. So we will never know if a junior admin has flogged this information fifty times allready?

Government impose budget restrictions that others have to work to. The managers pass the buck down as it has to be done somehow within budget.

The poor worker at the bottom does the deed to the best of its ability given the constraints.

To me the buck stops at the treasury who imposed unrealistic limits or the government who imposed unnecessary outsourcing requirements, but legally I am pretty sure the responsibility will stop at the bottom, thus screwing up some other unimportant peasant's life.

I have been utterly amazed that since Bliar came to power the impetus has been to mark every criminal for life so that they never have a future, while politicians may just say "Sorry, Let's draw a line under this" and then prosper even more.

Animal Farm was supposed to be a satirical look at communism, not a political blueprint for New Labour.

However, I do think that the junior level (Mr S Capegoat) need to have the balls to turn around and say "No, I'm not doing that". The best and easiest way to do that is to make sure you don't need the job and the best and easiest way to do that is to ensure that your spending is less than your earnings. After a while, you've got enough tucked away to last 6 months or more and you can afford to tell your boss who says "get this data sent to my buddy in the USA" "unencrypted? No.".

Having a centralized database will always ensure that data is insecure.

Some place gets a big target mark placed on it.

Data should be diversified, and stored in variable locations. Any access to data should also require the notification and the agreement of the person who is having the data accessed.

The responsibility of holding the key is the person whose information it is, they should be given the ability to hand out a one time key and have the information viewed in a one time viewer not linked to any other output device.

Problem is, people think that a computerised solution should be faster than a paper one, they forget that a computerised solution could be slower but also offer another more secure paradigm than a paper one. When it comes to government, we should be looking to increase our rights by the use of computer systems, not fritter them away for the sake of sloppy expediency.

We need to make government servants accountable for every view of personal data, and track their every move when it comes to information about us. If a data breach occurs we don't sue the government (who just tax us) we sue the individuals, and those responsible for them, who accessed the data resulting in the breach. If this was in place watch how quickly data breaches would become a thing of the past, the government is the weak link in the chain at the moment when they really should be setting the example by which the private sector operates.

Oh, and data on UK citizens should not leave UK shores, that is a no brainer and we can also concentrate on improving our part of the internet, not so much to traffic shape our traffic but to look for leaks primarily coming from the government departments; they appear to be the enemy of common sense at the moment.

Sadly there is no understanding of, or real attempt to educate about, security inside any government departments except the MOD. I've worked for local and national government in various roles. Oh they're great at making getting in and out of buildings convoluted and irritating, in some places, but have no idea about data.

I actually worked on a government e-mail migration project some years back where our solution to get to their mailboxes was to hack into their accounts!

Some form of PKI would be a good initial move and the costs of implementing it would be trivial compared to what the government is going to fork out to Cable & Wireless for them to change infrastructure halfway through the National Health IT Project - there's a story that's gone unreported if ever one was!