ICO Anyone?
So anyone else around here think this should be an issue for the ICO? Surely a breach on such a system would constitute contravention of the DPA?
The guidelines are quite clear around information classification standards and governance of access to said information, whether the system is any good or not performance wise is irrelevant, granting of access to information of the highest classification can result in fines and prosecutions...
They'll even come to you for a chat about it https://ico.org.uk/for-organisations/charity/
Just sayin'.