Just sent this to my MP ...
... via http://www.writetothem.com. Please feel free to use it as a template:
I am extremely concerned about the loss of data from HMRC. There is something fundamentally wrong with the whole system:
1. How was an entire data dump to removable media even possible without at least several layers of security and permission?
2. Why was sensitive information sent in unencrypted form (this would apply regardless of the means used (see point 3 below)?
3. Why was physical transfer of data disks necessary? It should have been possible to send this directly via a network (though see point 4 below).
4. What does the National Audit Office want the information on 25 million people for? (I have one legitimate answer in mind, but I want to know yours).
5. Why was a courier service with a known lousy record chosen for this service? What was wrong with supporting the Royal Mail?
Beyond these questions on the specific incident, there are three others:
a) Will you support a full investigation of this incident, with penalties including prosecution under the Data Protection Act ?
b) Will you support the creation of a government-funded compensation and assistance scheme for any victim of identity fraud if it can be shown that, on the balance of probability, their data came from this database?
c) Do you still support the creation of a national ID database in the light of the incompetence shown here?