Re: Data Protection
I expect the software will have the ability to provide full access control to whomever you wish. The failure will have been during the implementation something along the lines of this:
Implementers - "Right, we'll need to create access control groups with suitable granular levels of access and carefully audited membership"
Scouts people - "oh just set up the one group and bung everyone in that, that'll be ok won't it?"