Hey Dude - that's my data
Submitted by Niall Litchfield on Wed, 11/21/2007 - 15:40.

As everyone living in the UK should be aware, there has been a serious error in data protection involving the UK Tax Authority, the auditor of UK Central Government, as well as a private courier firm. In summary:
- The auditor asked for a dump from the UK Child Benefit database. It's unclear whether this was a valid request or not.
- The data was dumped and recorded onto two disks.
- The disks were then sent through the outsourced postal operation. This should never have happened.
- The data never arrived.
- The disks were resent, this time by recorded delivery.
- The data lost and potentially in the wild includes social security details, dates of birth, names, addresses, bank details and so on for 25 million individuals (including my family).
It seems highly likely to me that the "Junior Official" involved was a DBA, though perhaps a systems administrator was involved.
There has been, and no doubt will continue to be, a significant discussion around the appropriate procedures and technologies in use. Oracle might for example cite their Secure Backup product. The relevant junior minister last night spoke on National radio and played down concerns about our proposed national ID Card on the grounds that it was newer technology and so would not suffer the same problem.
For me though the technology is really rather irrelevant - security here is a people issue. There appear to have been a number of people failings:
- First, how does any auditor justify asking for sensitive data on CD?
- Second, what management instructions were given to the official concerned? ("Co-operate with the auditors" seems to me to be the most likely.)
- Third, how does any IT professional with access to sensitive data consider burning it to CD and sending it through the post?
It doesn't encourage me that the minister apparently believes both that people won't make mistakes with ID data and that it is OK to go on record as saying that the Child Benefit data is stored on an outdated and inherently insecure system. The first is certainly untrue, and one would hope that the second was equally untrue.