Never send unecrypted CD's
The problem businesses have is that no one offers "native" CD encryption. Of course this isnt an excuse BUT I have just completed the worlds largest single domain encryption program with one of the UK's largest banks and along the line we put in place a system of sending encrypted memory sticks to HMRC. Initially they were hesitant to accept this BUT we got there in the end.
There is no excuse for Standard Life, quite simply unencrypted CD's should NEVER have been used in the first place.
The other thing is that direct connect, a system that allows you to send info to the other end securely, costs an absolute bomb. However what is the value of that lost CD? Most organisations wont look at the cost of a cd being lost and in all honesty the cost of that lost CD is probably a lot higher than the costs of direct connect?
Naturally, as Im the worlds leading integrator of security encryption, I remain available for all massively over priced contracts :)