credit card application forms ?
"a specific example of a big corporation being let off the hook by the ICO "
credit card application forms ? They have everything a fraudster might want.
You do remember the case in 2008 where a server used for processing credit card applications for Amex, NatWest, and RBS was sold off on fleaBay, while still containing images of the paper application forms, don't you? The individual who bought the server was Andrew Chapman, the subcontractor doing the processing was called Graphic Data.
e.g. http://www.zdnet.co.uk/news/security-management/2008/08/26/amex-rbs-natwest-customer-details-sold-on-ebay-39465455/ and
http://www.theregister.co.uk/2008/08/28/data_bank_details/
I can't remember what (if anything) the ICO did about it, and (oddly enough) the popular search engine also doesn't easily find any reports of what action they took. Perhaps someone else can find something, as absence of evidence of action is not evidence of absence of action.
But until someone produces details of what the ICO did in this case, I rate this one as "big corporations being let off the hook"
And that's one of the rare ones that made it as far as the press. M'learned friends working on behalf of the private sector and in particular finance companies usually work better and more rapidly than they did in Andrew Chapman's case.
I'm sure there are plenty more examples, but I have other ting to do.
As others have already noted, the way to get folks attention to detail to prevent cases like this is to hold the Chief Executive (or similar) personally responsible. After all, when things are going well, they pay themselves as though the success was their personal doing. So when they let things go wrong, surely the same principle should apply.