Or, rather, I would feel better if it weren't for my suspicion that these 'Data Guardians' will be junior civil servants with IT qualifications that stopped at GCSE level. Or, more likely, PFYs recruited by poaching counter-staff from PC World stores.

The underlying problem IMO is that far too few people in the civil service have any substantial IT, computing and systems experience.

Another problem is that the majority of government-operated IT infrastructure runs un-adapted un-hardened Microsoft OSs and apps. I do not claim that open source (particularly 'nix-based) systems would in themselves solve security issues but they would facilitate those solutions as well as saving money in licenses.

Just wait unti one of the new guardians loses a disc they've been posted to investigate. etc etc, more people, more opportunities to lose data!

"maybe this was the idea from the beginning, lose some data a couple of times, no matter how unbelieveable it sounds and the Boys will get the jobs, no questions asked"

Was it ever confirmed that the discs actually contained the data as claimed? Or has this been a scam from the beginning?

...isn't it? Handles a lot of money and personal details. So why doesn't it have the data systems of banking corporations which have safeguards and security levels...?

If you want the government to lose less information then the only way to achieve that is to give them less information in the first place and to have less people in the government who can get at it.

Instead they hire MORE civil servants and are busily working to convince us that we can make our information safer if we give them MORE of it. This isn't about shutting the stable door after the horse has bolted, because government doesn't have a door to shut. This is about moving yet more horses into the stable and hiring yet more stablehands who bear an uncanny resemblance to those 'Wanted - horse thief' posters on the saloon wall.

Government is like Wonderland without the magic mushrooms - all sense is reversed to the extent that it forms an inverted logic of its own. Bring on the revolution.

When I complained to the Information Commissioner about the blatant disregard of HMRC for my personal data.

The Information Commissioner agreed, and said that HMRC had been in breach of the DPA, but legally, there was nothing they could do.

Apparently the DPA can't be applied to HMRC.

Go back and read what I actually wrote.

I didn't criticise Redmond's products per se. With a bit of work by competent sysadmins and some basic staff training, XP and Office products can be made reasonably secure.

What I criticised was government institutions using "... un-adapted un-hardened Microsoft OSs and apps...." by which I meant Windows, Excel and the rest at the default settings which sacrifice security to so-called ease-of-use.

I also wrote: "I do not claim that open source (particularly 'nix-based) systems would in themselves solve security issues..."

I agree that poorly-trained trained users (and the resultsant misusage) are far more of a threat to security than the systems they use.

37 'data guardians' appointed in one fell swoop? Wonderful! Marvellous! Right-on!

Now that we're done with the meaningless window dressing, where's the story about this feeble civil service's information security policy and standards, the education of the entire civil service on the content of same, the management responsibility to enforce same and the consquences - for the poor bleedin' footsoldiers who sent out those discs - as prescribed in same?

Okay, okay, I was being facetious. How about a little education, for these sacrificial goats......................sorry, sorry, 'data guardians' on the principles of information security?

Still too much? Okay, I understand. Sound fiscal policy in trying financial times and all that. How about a book? One copy, they could read it over one-anothers' shoulders at staff meetings?

No? Ah, I see. Just the bullets for the firing squad then.

I read about the HMRC fiasco and wonder what is going on in the UK. I worked for a Government agency down here in OZ, and data transport between us and other Government agencies was done via FTP. Over a dedicated data-line. With a VPN on it. Encrypted. That was the rule - unless it was sent via the dedicated encrypted VPN lines, the data did not move without clearance the the Security section. Want to sent a data file via e-mail? Better get it vetoed first, otherwise the email firewall would bounce it to high heaven and you'd get a message asking you to report to ISS to get screamed at.

Yes, it sometimes made for tedious delays, but considering the data we were handling (*mucho* personal) we considered it an acceptable evil compared to the alternative - with the "open policy" 'round here, anybody leaked the data would have been handed over to the media, bound and gagged.

No, it would not have stopped someone from copying the data onto discs and sending them by mail... but the point of all this is: there was a *secure* alternative in place for data transfer. In OZ, where traveling 100km to work is considered simple commuting. So I still don't get it when the UK's goverment departments, which (comparatively speaking) live in each other's back pockets, still use unsecured methods to send data.

Personally, I think a Minister or two should lose their job over this one - might make the next think about putting decent policies in place.