I'd get fired for sharing this.
I've worked in the public sector for a few years; prior to that I worked in the private sector. Got to say people are the same, intentions are usually the same too - protect our data. The major difference seems that now that I'm in the NHS they are FAR more likely to put their hands up and say to the ICO "we done balls up bro". There's so little hiding of mistakes and problems, it's very refreshing, and these are the supposedly useless middle managers people love to hate.
In the past few years I've seen huge improvements locally partly due to this attitude, our managers alert the ICO when there's a problem and use that to leverage funding for improvements to information security. It's a good strategy and works well, right up until there's an incident at national level.
Then we're asked to provide information which is completely irrelevant to the breach, produce reports which are focused entirely on NOT fixing it but are all about giving ministers stats they can use to fend off attacks from the press and the opposition parties. There's more fiddling and messing about with the organisation but never new funds, perhaps recycled funds, but it's never sent to fix the problem, it's sent to fix the PERCEIVED problem from the ministers' perspective which is rarely the same thing and is typically covering their arses so they can say they did X, Y or Z if asked again.
We don't work in a silo, we share a lot of information, advice and even staff time with other NHS bodies who neighbour us or who we routinely share information with - I'd argue we do it in a more consistent, measured and targeted way than national procurement etc could ever do. I've yet to see one project run nationally on information security that was a fraction as effective as those done at local levels for less money and run by a local IS professional. It's guaranteed that the instant a politician gets involved though money will be redirected, projects scrapped (some with money already spent on infrastructure which is now less than ideal for any alternate use) etc.