Having just read the article on FlyingHamster taken from here: http://news.bbc.co.uk/2/hi/programmes/moneybox/5287478.stm I was overcome with a sense of complete incredulity that the UK's Information Commissioner (Richard Thomas) was quoted as being the man "who enforces the Data Protection Act" . . . My own extensive experience of dealing with Mr Thomas and his various Deputy and Assistant Commissioners has left me believing that they are averse to actively enforcing anything of the kind.
Their usual explanation for not taking any action over data breaches (whether affecting only one person or the wider public) is that they have "discretion" on how to proceed and that in "this instance" (for this instance read almost every instance) that the Commissioner has decided not to take any further action. This is especially the case when government departments are involved in breaches of confidential data!
In the aforementioned article, Mr Thomas mentioned that the "UK already has a higher level of legal protection than the US". I am not too familiar with US Data Protection Legislation, but if it is worse than that which we have here, then I really do feel for those poor souls elsewhere whose lives are affected by this burgeoning problem.
Whilst accepting that the UK does have a veritable plethora of laws covering information and data security, (and to be fair, some of them are actually quite decent) they are less than worthless if they are never to be upheld and enforced.
I am sure that I am not the only person who works in this field here in the UK who would love to see some real "enforcement" of the existing laws instead of the indolence, apathy and disinterest we currently see from the Office of the Information Commissioner.