The Government’s data watchdog has lashed out at corporate complacency over personal information security, labelling some recent breaches “horrific” and “careless and inexcusable”. In its annual report released last month, the Information Commissioner’s Office (ICO) asks some penetrating questions: “How can laptops holding details of customer accounts be used away from the office without strong encryption? How can any bank chief executive face customers and shareholders and admit that loan rejections, health insurance applications, credit cards and bank statements can be found, unsecured, in non-confidential waste bags?”

The report also summarised the year’s biggest security breaches,featuring household names such as Orange, Alliance & Leicester, BarclaysBank, HBOS and the Post Office.

“Historically there hasn’t been much of a business case to protect data,but this name-and-shame policy should provide a stronger reason,” saidCliff Evans, principal head of ID management at CapGemini. “There’s nolack of technology or process blueprints here, just a lack of urgency toimplement them. It’ll take a few more high-profile cases of brand damageto drive the lesson home.”