The Government's data watchdog has lashed out at corporate complacency over personal information security, labelling some recent breaches "horrific" and "careless and inexcusable". In its annual report released last month, the Information Commissioner's Office (ICO) asks some penetrating questions: "How can laptops holding details of customer accounts be used away from the office without strong encryption? How can any bank chief executive face customers and shareholders and admit that loan rejections, health insurance applications, credit cards and bank statements can be found, unsecured, in non-confidential waste bags?"

The report also summarised the year's biggest security breaches, featuring household names such as Orange, Alliance & Leicester, Barclays Bank, HBOS and the Post Office.

"Historically there hasn't been much of a business case to protect data, but this name-and-shame policy should provide a stronger reason," said Cliff Evans, principal head of ID management at CapGemini. "There's no lack of technology or process blueprints here, just a lack of urgency to implement them. It'll take a few more high-profile cases of brand damage to drive the lesson home."