HMRC: CDs should be treated the same as the Server Room
This is rapidly turning into the HMRC data breach blog! I post a lot about this issue at the moment because I have personal vested interest as do many others, there are further developments almost on a daily basis, and for anyone who cares about the security of personal information in the UK, this is still a huge issue which frankly still gives me great cause for concern, and provides much thought about data security in general, which I feel compelled to write about. Anyway, I was in discussion with several people today in regards the missing HMRC CDs, one view was that HMRC regarded the internal mail as "private" postage, a view which doesn't sit with me at all. The way I think about it is like this, if you were to copy the company's entire database, "The" Crown Jewels of the organisation to a piece of media. Shouldn't you be applying the same security measures as to the live database, as held on the Servers? Think about all the physical security as...