Here are some thoughts for you; however, what I would say is that it is every company's duty to ensure that its DPA is of a standard to prevent information being given to the wrong person.
The Act says you should have security that is appropriate to:
• the nature of the information in question; and
• the harm that might result from its improper use, or from its accidental loss or destruction.
The Act does not define “appropriate”. But it does say that an assessment of the appropriate security measures in a particular case should consider technological developments and the costs involved. The Act does not require you to have state-of-the-art security technology to protect the personal data you hold, but you should regularly review your security arrangements as technology advances. As we have said, there is no “one size fits all” solution to information security, and the level of security you choose should depend on the risks to your organisation.
So, before deciding what information security measures you need to take, you will need to assess your information risk: you should review the personal data you hold and the way you use it to assess how valuable, sensitive or confidential it is, and what damage or distress could be caused to individuals if there were a security breach.
An organisation holds highly sensitive or confidential personal data (such as information about individuals’ health or finances) which could cause damage or distress to those individuals if it fell into the hands of others. The organisation’s information security measures should focus on any potential threat to the information or to the organisation’s information systems.
This risk assessment should take account of factors such as:
• the nature and extent of your organisation’s premises and computer systems;
• the number of staff you have;
• the extent of their access to the personal data; and
• personal data held or used by a third party on your behalf (under the Data Protection Act you are responsible for ensuring that any data processor you employ also has appropriate security).