Norfolk, according to a recent article, is a hotbed of Data Protection Act breaches: with multiple incidents – more than 150 since 2008, apparently – at Norfolk County Council, at regional hospitals and the police force. With breaches ranging from misuse of privileged access to personal information to real negligence – a child protection report that was hand-delivered to the wrong address – the picture that emerges is one of a county in which there is widespread failure to understand the requirements of the DPA, where errors and abuse go hand-in-hand, and the security of personal data appears to depend more on luck than on a systematic, organised approach to its protection.
Isn’t it remarkable that, nearly 14 years since the passage of the DPA, and in spite of the Information Commissioner having the power to levy pretty significant fines, there should be such a pervasive disregard of the basic principles of protecting personal data?
