The loss of sensitive government data from lost or stolen laptops has become so serious that civil servants’ use of them has been severely restricted. Under an order issued on Monday by Cabinet Secretary Sir Gus O'Donnell, government and agency staff will only be allowed to move computers out of their offices if the data within them has been fully encrypted.

The Cabinet Secretary's email to senior officials, disclosed on Monday, states that "no unencrypted laptops or drives containing personal data should be taken outside secured office premises." A large operation is reportedly under way in Whitehall to encrypt the data loaded into laptops, brief those who use it on the new tougher regulations, and monitor their compliance.

The move follows a series of highly publicised losses of laptops containing names and addresses and other details of people who have dealt with government agencies, including HM Revenue & Customs, the Ministry of Defence and Driver & Vehicle Licensing Agency.

Speaking after the revelation that three laptops with unencrypted personal data have been stolen from his ministry’s staff since 2005, the latest stolen from a recruitment officer's car in Birmingham, defence secretary Des Browne told the Commons yesterday that "it is not clear to me why recruiting officers routinely carry with them information on such a large number of people or, indeed, why the database retains this information."

The MoD’s internal investigation suggests that 69 laptops and seven PCs have gone missing over the past year, although there is no suggestion that more have been stolen. The latest loss includes details on people whom submitted personal information when registering an interest in njoing the armed forces, but are not necessarily on their payroll.

Mobile working vs privacy protection
The instructions issued by O'Donnell, amount to little more than a restatement of existing government data security procedures, which are similar to those adopted by most commercial organisations handling customer data following guidelines from the Information Commissioner's Office. The need to issue them – and the setting-up of a comprehensive enquiry into privacy breaches under Information Advisory Council chairman Sir Edmund Barton – is an admission that a more relaxed culture has developed around information use in parts of the civil service. In being allowed to take data-carrying laptops and hard drives out of a secure building, if the contents are encrypted, public officials will still be exercising more freedom than some private companies, which require the data to remain within secure buildings at all times.

Suppliers of encryption services say their codes will protect personal data even if a laptop is stolen. But the discovery this week of paperwork containing personal details, dumped ona public street near Exeter Airport, and last year’s loss in the post of two HMRC disks contining 25 million benefit recipients; details, highlights the danger that those following the rules on electronic data could still accidentally divulge it if they take a printout or copy it to another disk.

The other part of Sir Gus O'Donnell's instruction asks senior civil servants to ensure that their staff can continue to work normally while the new laptop restrictions are in force. The evidence now coming to light of how far these normally travel, and how much data-related work goes on outside public offices, suggests this could be the hardest part of the supremo's memo to enforce.