A "damning", confidential Joint Intelligence Committee report into the security situation in Iraq, and a top-secret document assessing the weaknesses of terrorist network al-Qaeda have been found on a Surrey-bound commuter train, and handed in to the BBC.

A nationwide police hunt for the missing documents had been set in motion, only for a passenger to find the seven-page document – wrapped in a business magazine – on a train out of Waterloo. The papers belonged to a senior official.

This latest security breach is yet more evidence that private or top-secret data is being entrusted to public officials who have little regard for, of knowledge of, security protocols, and that even the most basic security measures are not being followed by the Government and its agencies in the handling of sensitive information.

The security lapse is the latest in a woeful list of preventable public-sector breaches, which have included the loss of data on 25 million child benefit claims in internal post, mislaid personnel records for the armed services, the loss of patient details by several NHS trusts, dozens of mislaid or stolen government laptops, and the mishandling of data on driving tests.

Each of these cases was preventable, and all are inexcusable. The private sector has not been immune, but the public sector is in the employ of British citizens and is entrusted by them with our national security, and our individual security.

The time has surely come for a bottom-up assessment of security and data management procedures, rather than the top-down approach favoured by a Whitehall that is fond of throwing money at projects, but which has scant regard for training, staff, and management.

Let's say it again: security is about people, not about technology; security is about policy and good management, not about the size of the deal; security is about the most junior employee in the office, not the CEO or the minister; security is about not sitting on a crowded train with top-secret documents while clinching confidential deals on your mobile... it's not about hackers and firewalls.

One can only imagine the arrogance and stupidity of the official involved, flouting conventions concerning encryption and location as he joined bankers and brokers on the train home, the document nestled in his copy of the FT like some advertising insert.

Indeed, it's becoming clear that the Government's attitude to data is akin to the City's attitude to stocks and shares: they're things to be traded, and are only of value en masse. In a portfolio of stocks, you hope to win more than you lose. It's a national scandal and until Whitehall reviews security at every level, all plans for a national ID scheme should be put on hold.