That was the title of a PAG presentation in January 2008. At the time we were concerned about organisations' ability to secure all the electronic data about individuals that was being amassed. Risks, actual and potential, that our data may be misused or mislaid were discussed. Our report of the meeting went on to say:
'Recognising that it would be impractical to seek to hold back advances in information technology, the meeting called for the Government to establish a straightforward and readily enforceable regime that promptly penalised inadequate data protection or misuse. Such a regime should ensure that all government agencies and commercial organisations requiring clients to reveal private personal data should be deterred from allowing it to be used for purposes not originally agreed or failing to safeguard it from falling into unauthorised hands.