@ oldcodger
Quoth the codger: "Another limp wristed whitewash does NOT send the correct message to the thousands of public service employees who are still failing to safe guard other peoples data."
Oh, shit, not that crap again! Howsabout let's stop "sending messages" and use the language to state unambiguously the objective?
Whatever the means used to communicate it, it's clear is that "the correct message" isn't getting through to the working level. I wouldn't be surprised if it gets lost in a cloud of bureaucratic instructions that working level employees simply don't have time to deal with. Where I used to work, they had a policy and procedures manual a good 4" thick, but only managers had a copy and the grunts had no idea what it contained. Bury an important objective in a tome like that, and no one is going to even notice.
Time, perhaps. to revert to sending each employee (including dimwit managerial types) a personally addressed letter from the Big Boss stating in as few words as possible what's required. Send it by Royal Mail to their home addresses, too, so it's clear it's not just more bafflegab from HR.
Which leads me to wonder if maybe it's HR departments and their bureaucratic ways that are the real stumbling block. Oh, yippee, a chance to screw over the useless twits in HR!