Not sure about how the HMRC (soon to be re-named yet again!) rolls, but where I work we have no access to encryption tools.
The department does use encryption and encryptor cards for a lot of stuff, but only ever in the most banal and useless way possible. Hell, even the flexi system has encryptor cards, I guess at great expense, to stop people from somehow fiddling their in/out times. Of course, that is simply defeated by giving your card to someone else when you leave early if you are that way inclined.
MI staff have pretty much full access to the databases via whatever applications they use, but are usually poorly trained and normally only in the job because its a promotion opportunity, not because they have an interest in stats or have any knowledge of the systems. So if someone was told "give me xxx, stick it on a DVD and post it to here" by a manager (also unskilled and there just because it was a promotion opportunity) they would do it without batting an eyelid.
Data protection is not a part of any training MI staff receive, so its only the people who give a crap who would question this. And then they would either be ignored, or someone else asked to do the work because the place is full of yes men. Answering someone above you with "No" isn't the way to be promoted, sadly.
Slashdot Mirror
Not sure about how the HMRC (soon to be re-named yet again!) rolls, but where I work we have no access to encryption tools. The department does use encryption and encryptor cards for a lot of stuff, but only ever in the most banal and useless way possible. Hell, even the flexi system has encryptor cards, I guess at great expense, to stop people from somehow fiddling their in/out times. Of course, that is simply defeated by giving your card to someone else when you leave early if you are that way inclined. MI staff have pretty much full access to the databases via whatever applications they use, but are usually poorly trained and normally only in the job because its a promotion opportunity, not because they have an interest in stats or have any knowledge of the systems. So if someone was told "give me xxx, stick it on a DVD and post it to here" by a manager (also unskilled and there just because it was a promotion opportunity) they would do it without batting an eyelid. Data protection is not a part of any training MI staff receive, so its only the people who give a crap who would question this. And then they would either be ignored, or someone else asked to do the work because the place is full of yes men. Answering someone above you with "No" isn't the way to be promoted, sadly.