In association with heise online

28 June 2008, 16:26

Of the four recent reports into government data losses, three investigated the background conditions to highly publicised breaches at HMRC and the MOD. Coupled with other information relating to less high-profile breaches at the NHS and the Department of Work and Pensions (DWP) and the MOD again, they paint a very disturbing picture. It would seem that even where departmental policies were in place, they have been in general disregarded for reasons of operational expediency. That's rather on a par with leaving your car keys in the ignition all the time so you can get away more quickly in the morning. Except that in this case, it's been someone else's car that you left the keys in and it got nicked as a result.

Government departments are not short of security guidance. One of the primary functions of CESG, which describes itself as "the national technical authority for information assurance", is to offer security advice to government. It not only creates and publishes standards and policies, but in addition delivers security services including the highly reputed CHECK scheme for infrastructure security validation and CLAS consultant validation programme. But none of that is any use if the departments it advises view security as no more than a set of hurdles to be leapt at audit time, or as a drag on the conduct of their day to day business. These are commonplace attitudes in the corporate world as well, as attested by recent data leaks from e-tailers and financial services companies. However, in general government holds, and is therefore likely to lose, much more valuable assets, as government increasingly knows much more about each of us than any commercial enterprise. The scale of the problem is huge and seems to be growing. The microscope is already unnecessary – you almost need to look through the wrong end of a telescope to see the whole picture.

This is not, however, an esoteric problem, the solution to which depends on abstruse technical concepts or huge capital cost. It's a matter of attitude – of willingness on the part of government staff to take personal responsibility commensurate with the power vested in them. At its simplest it comes down to "don't leave top secret documents on a train", "don't leave your laptop in your unattended car, particularly overnight" and "don't send the password through the post in the same envelope as the encrypted CD" – oh, and do remember to zip your fly before leaving the house.

Permalink: http://h-online.com/-746167