Minsters are squirming after the details of 84,000 prisoners in England and Wales were reported lost on Friday.
The data was supplied by the Home Office to contractor PA Consulting but was transferred, unencrypted to a memory stick and subsequently lost.
The Information Commissioner has described the loss as "deeply worrying". Searching questions must be answered about what safeguards were in place,” said David Smith, deputy commissioner at the ICO.
The missing memory stick includes unencrypted details about 10,000 prolific offenders and data on all 84,000 prisoners in England and Wales.
PA Consulting told the Home Office on Monday that it feared it might have lost the data and confirmed the next day that it could not locate the memory stick. No more data will be transferred to PA Consulting during the investigation into the loss, the Home Office said.
Philip Wicks a security expert at IT services firm Morse said, "This case highlights the fact that it isn't just laptops that you need to secure to protect against data loss in the event of them being lost or stolen."
"Organisations need to ensure they have controls in place to protect the data on memory sticks, and other removable storage devices such as iPods and discs, so that if they are lost and end up in the hands of criminals the data can’t be used for unscrupulous purposes."
Wicks said that there seemed to be "a culture of letting anyone download anything onto a memory stick."
He called for a reversal of this approach so that downloading was forbidden, unless people who absolutely needed data on portable media could demonstrate that the information would be held securely. "If this is done, data security will be vastly improved," he said.
PA Consulting has not so far commented on the data loss.
The BBC has calculated that the government has lost the personal information of up to four million citizens in one year alone. Earlier this week, the Ministry of Justice said it had lost the personal details of 45,000 people in a string of incidents over the past year. Last month the MOD revealed that 658 of its laptops had been stolen over the past four years.
Earlier this week, DeviceLock highlighted the growing use of removable storage devices - such as memory sticks - in the removal of sensitive information from corporate networks.
Find your next job with techworld jobs