According to BBC news, UK Chancellor Alistair Darling has admitted "loss" of 25m records by UK Revenue and Customs. 2 disks containing personal information including names, birth dates, National Insurance Numbers and bank account details of 25 million people, essentially of all families resident in the UK with at least one child under 16. He added, that there has been no evidence that this data has fallen into the hands of bad guys, but adviced those 25 million people to watch their bank accounts.
Translated from political into real world language, this means that those disks have indeed fallen into wrong hands, and that most probably some identity theft and fraud activity is already going on.
I don't know much about how UK public services are dealing with IT governance, with compliance issues and wether they are aware of the risks related with large collections of identity information. But I assume that it is not so different to the situation over here in Germany, where governmental institutions
- are absolutely resistant against any external IT related expert advice
- have little or no internal expertise in that field
- always insist on having access to any kind of data collection, even if it does not make any sense and even if they do not have the manpower to extract identity information from that data