Charity for Charities
Given the average charity (i.e. not the Red Cross, et al), can't afford a large IT department with Data Protection and IT security experts, it does raise the question as to whether the ICO should be funded to run education and consultancy courses for small charities on Data Protection and security?
In a former role looking after a local authority housing system, I ended up having to book out time to meet with the local housing charities and explain to them fundementals of the DPA98, such as it also applies to paper files (which a number of the local charities thought wasn't the case)
In this case I would suggest a small amount of government expenditure on education would pay back dividends in improved data protection, and less enforcement and investigation costs.