Last week, the UK Home Office cancelled a £1.5 million contract with PA Consulting Group after PA admitted losing the personal details of the entire UK prison population.

According to the IT industry website, theregister.co.uk , the data, which included names, addresses and dates of birth, was lost when a “rogue employee”, as PA Consulting described their employee, transferred the information onto an unencrypted, unmarked USB memory stick and then lost it.

It’s an embarrassing bungle, and underpins the threat posed to privacy by centralised data storage. But what makes this case particularly interesting is that PA Consulting was part of the leading consortium in the bid to implement the Howard Government’s now-defunct Access Card.

The stuff-up in the UK highlights the point that no matter how secure a company or government claims its processes and computer systems to be, information will never be completely secure in an age when a single employee — “rogue” or otherwise — can “slurp” huge quantities of personal information to a USB stick or palm-sized hard drive in a single gulp.

While we might concede that governments need some information about citizens to carry out basic functions, the ongoing trend towards centralised storage of sensitive personal information, and the outsourcing of such information, makes it almost inevitable that sooner or later there will be a massive privacy breach.

While the Rudd Government ditched the Access Card last December, it’s likely that it will return in another form, under this or a future government.

The latest breach in the UK shows that the only way to protect the privacy of citizens is for governments not to collect personal information in the first place.