I'm an Information Security Professional and a victim
I'm an Information Security Professional and a victim of this. Our government (rightly) expects companies to secure people's personal information (DPA), yet here is a government department who has yet again breached our trust.
There are several secure alternatives that the HMRC could have used to transfer this type of data to Standard Life; pretty much all of them are actually cheaper and more efficient than putting non-encrypted data on a CD and shipping by a courier.
Why has it taken so long to disclose? They knew about the lost CD for over a month before telling the folks that were affected.
Finally, when I called them on Monday for more info about it, I was completely misled, and was told the data on the CD was encrypted, when it wasn't, which I had confirmed today.
This is just complete incompetence on HMRC's part, and it's not like it's the first time they've done this sort of thing. If it was a company rather than government I would certainly expect to see a big fine.
Read my blog, blog.itsecurityexpert.co.uk, for more details.