
A further breach of DPA
It is incumbent on the Data Controller to take steps to ensure that personal information is stored in such a way as to avoid it being accessed or processed in an unauthorised manner. It would be my contention that webmail systems (Hotmail, GMail or Facebook) do not actually have such necessary technology in place to protect such personal data (and I think the fact that this information has come out shows this). Therefore the DP has already been breached.