As if putting the details of every child in the country on a few CDs and then losing them wasn’t bad enough, there could be a darker tale waiting to be told about the UK government and security.

This week we have learned that in the last three years, hundreds of staff at the HMRC department responsible for the historic CD loss disaster have been ‘disciplined’ for accessing sensitive data, in some cases resulting in dismissal.

With a level of complacency that deserves a deafening round of ironic applause, UK Treasury financial secretary Jane Kennedy is reported to have lauded the figures in the House of Commons as showing “the strength of HMRC's disciplinary procedures."

She is being serious apparently, though I guess that’s what officials have to say when they are being paid to miss the point in the hope that not many people will notice.

Here’s another way of interpreting the same facts. Around 200 staff at one government department are being hauled up each year for accessing private data (most likely) on ordinary citizens, and that’s bound to be a huge underestimate of the number who have got away with it without being rumbled.

We know nothing about what made the files sensitive, what motivation beyond nosiness might have been behind the access by these people, whether any of the people were working in concert or not, nor which systems the department used - and uses - to monitor data for trespassers.

The current UK administration has overseen a vast expansion of the databases held on ordinary citizens, in many cases by merging smaller ones that existed before they came to power in 1997. Not least, this includes the invention of the mega-department that is now causing the most disquiet, the HMRC itself, created in 2005 from two separate organisations.

Within minutes of the story hitting the BBC, companies were sending out comment promoting a variety of content protection systems – more technology, in other words, to solve a problem created by the careless use of technology.

So how many people could have accessed the data sent out on those two CDs that everyone was fretting about only a few months back? It’s hard to say, but I’ve seen estimates that put it in the tens of thousands, and possibly more.

As the databases have expanded and consolidated, so has the potential to abuse them. Nothing the government has said in the months since the HMRC CD scandal should convince anyone that this data is not as vulnerable as it has always been. CDs are the least of it. The data losses we should worry about are the many we probably don’t know about and can’t know about. Nobody knows about them because there is no means of detecting them.

The obsession with gathering data on people in huge data sets accessible from all corners of the state is an out-of-date philosophy, but the technocratic ethos that set this process in train has been slow to wake up to the new era, one where security is multi-faceted.

But one thing we should be sure of when attempting to slam the back door: Criminals are just cleverer than governments. They always have been, and always will be.