you can blame procedures if you want, but any IT system that tries to be a little bit secure never stores passwords or indeed links identity to data on the same system anywhere.

this is an architectural issue, and for a company that has consulting revenues of over a billion a quarter should more embarrass them .

personally i have no problem with identity cards - i have a swiss one of course but you don't see stories in the paper about the whole database getting downloaded onto a memory stick