It's not worth listening to a word the government has to say on this subject, at least until the police properly enforce RIPA and the ICO starts taking real action against those in the private sector that are going against the DPA.
The ICO by the way conveniently only records whether the organisation involved in an investigation is within the private or public sector when the matter is brought to their attention by the organisation itself. So anybody from outside reporting the leakage or sharing of personal data will not have this information recorded in their complaint. A bit too convenient considering the ICO has allowed itself to become little more than a way for the treasury to claw back funding since it makes it pretty much impossible to calculate the ratio of who has been fined in the public versus private sector for the cases that have been raised.