West Lothian and email

[ukcrypto@chiark.greenend.org.uk]

BBC Radio Four's "InTouch" programme had an interesting piece about  
'data protection paranoia', and a blind woman who was told by her  
Mental Health trust that they could not email appointment details to  
her because of data protection laws.

With an IT overhaul costing billions hasn't anyone heard of encrypted  
email?  (Not that encryption is needed.  They'll talk about  
appointments over POTS an mobile phones.  And they're happy to post  
appointment information.)

A local trust has insisted that any USB Sticks (flash drives, whatever  
you call them) have to be Sandisk Cruzer Enterprise encrypted disks.   
I'm not sure if they're using the "too many tries and the data is  
wiped" option, but most passwords I've seen people use are less than 9  
characters, with one capital and one number.  Is this better than  
nothing?  or is it creating a false sense of security?