Well.. the ground reality..
As someone commented in the other story in El Reg here, if the application is hacked (SQLi predominantly) then encryption or not, the customer data is open for the hackers.
The web services facing databases at TT are all encrypted well enough (I do know that and thats why I am anonymous today!). The internal systems everywhere will have dob, email address as plain text anyway (Marketing Databases of every company comes to mind). So the question to Dido about the encryption of data is not to the point.
The blame falls on the managers who outsource most of their development as well as maintanence projects to companies which employ less skilled / dispassionate people primarily on the basis of costs and not having enough skilled / passionate people to validate if the delivery is secure enough (or atleast fit for business purpose!) to be deployed to the big bad world.
oh, well.. It is Friday.. and beer time! bring the peanuts and popcorn!