The other factor which feeds in to councils' inability to handle data securely is the sheer amount of noise they want to collect with the useful data.
A few years back I had an argument with my local council over this very topic. They were conducting a periodic audit of people who had a council tax discount to ensure they were still elligible, that part I have no argument with. However, the way they went about it was utterly broken. They first, without informing me, attempted to access my credit history. Because I'd not taken out any new credit for a *long* time it was empty. They then decided they wanted to see my bank statements. This was all in an effort to determine that I was still elligible for the single-occupancy discount. I had a huge back and forth with them arguing that the information they were requesting was in no way suitable for confirming this. Eventually they backed down, but not without a fight and getting a local councillor involved.
However, if I'd not fought this the council would have ended up with copies of my credit history and bank statements in a context where providing that information was entirely pointless. If they keep can't manage data efficiently it is no surprise that they cannot handle it securely either.