NHS
The Information Commissioner cannot perform random audit checks on any data controller/data processor under the DPA. There is a limited ability to audit government departments, NHS and telcos but this came after the Commission commenced its “ongoing” infraction proceedings in 2005.
^^ That's odd because we've (Scottish NHS board) have been told they can come in at any time and audit us, in fact at least one NHS board in Scotland has invited them in to do exactly that.