All Whitehall staff have been banned from removing laptops containing unencrypted personal data from offices in the wake of the Ministry of Defence data loss.
Cabinet secretary Sir Gus O'Donnell sent an email to top civil servants on Monday night warning them that laptops and hard drives containing personal data could not be removed from government premises unless they are encrypted.
The directive is expected to result in the encryption of large amounts of data to enable officials to continue doing their jobs within the restrictions of the ban.
The ban has taken effect immediately and senior civil servants have been told to monitor compliance.
It follows defence secretary Des Browne's admission that three MoD laptops containing around 600,000 details of servicemen and recruits have been stolen since 2005. In addition, figures obtained by the Conservatives claim the department has lost a total of 347 laptops since 2004.
Read this
Feature: The top 10 IT disasters of all time
From faulty satellites nearly causing World War III to the Millennium Bug, poorly executed IT has had a lot to answer for over the years...
Sir Edmund Burton, chairman of the Information Advisory Council, is examining weaknesses in the MoD data security procedures and there is an ongoing cross-government review of data handling following HM Revenue & Customs' loss of 25 million child benefit claimants' details in the post.
The government has suffered a catalogue of embarrassing security breaches, which includes the NHS losing hundreds of thousands of patients' records, the DVLA losing three million learner drivers' details and the loss of more than 4,000 patient details by primary care trusts in Stockport and Oldham.
Talkback
What about banning the use of portable media such as CD's DVD's, USB drives, Flash drives etc. completely. Or better still put in place methods to securely encrypt such media automatically whenever they are used - without exception and without the possibility of bypass and, in this case also including electonic data transfers. And of course have procedures to confirm, audit and enforce compliance.
Breach or circumventing any of these measures, or any unauthorised or improper removal of data by any individual to be to be considered as 'gross misconduct' leading to instant dismissal.